Allow manging policy files in horizon

Summary

The policies configured in the different services need to be made available to Horizon in order to guide the user regarding which actions are even allowed.

Related issues: #281, #116 (closed), #129 (closed)

Use cases

• As a user, I don't want to see buttons I'm not allowed to use, or whatever sensible Horizon does with the policies.
• As an operator, I do not want to have to copy policy files manually over to Horizon.

Proposal

The HorizonDeployment may gain (optional!) novaRef, cinderRef, keystoneRef, … fields which allow to link Horizon against the various components.

Specification

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this issue are to be interpreted in the spirit of RFC 2119, even though we're not technically doing protocol design.

• MUST NOT require any of the references to be deployable
• MUST restart Horizon when the policies change
• SHOULD fall back to default policies if a reference is not given
• SHOULD allow injection of keystone policies in the case of an external Keystone (potentially by requiring the user to place a strategically well-labelled configmap containing the policy)