(feat) Implement delete flag with the new permissions scheme

Since our delete permissions are combined with editing permissions, this is an excellent place to start and role out the new RBAC permissions scheme.

Wherever we check for delete permissions, use the new role based stuff to calculate. When we look up an entitie's ownership, use RBAC to assign owner permissions. This will only have to get overridden by the admin roles and the group ownership roles