Allow to grant user/group permissions on storage paths #3919

Open
ekazachkova opened this issue Feb 18, 2025 · 0 comments
Labels
kind/enhancement New feature or request


Background
At the moment, Cloud Pipeline does not allow granting permissions directly on a storage path, and it would be nice to support it.

Approach

API part

  1. a new flag pathPermissionsEnabled shall be added for the storage object. This flag indicates that path permissions management is available for the specified storage. This flag shall be available to apply only on storage creation.
  2. a new method to update all permissions for a specific user or group shall be implemented:
    POST /datastorage/<storageID>/paths/permissions?sidName=<user/group>&principal=<true/false>
    # Request Body
    [{
        # to grant permissions on file
        "fileName": "file.txt",
        "mask": 1,
        "folderPath": "path/to/folder"
      },
      {
        # to grant permissions on folder
        "mask": 5,
        "folderPath": "path/to/folder"
      }, ...
    ]

This method shall be available for admins and storage owners.
If the pathPermissionsEnabled flag is switched off for the specified storage, an error shall occur.
This method shall be used when an owner/admin wants to grant path permissions for a specific user or group. All already existing permissions for the specified user/group will be overwritten.

  3. a new method to fetch all path permissions for the current user on the specified storage shall be implemented:
    GET /datastorage/<storageID>/paths/permissions
    # Response Body
    [{
        # if permissions granted on file
        "fileName": "file.txt",
        "mask": 1,
        "folderPath": "path/to/folder"
      },
      {
        # if permissions granted on folder
        "mask": 5,
        "folderPath": "path/to/folder"
      }, ...
    ]

This method shall be available for users with at least READ permissions on the storage.
If the pathPermissionsEnabled flag is switched off for the specified storage, an error shall occur.
This method shall be useful for pipe storage CLI operations.

  4. all currently implemented API methods for storage files/folders management shall respect permissions on paths:

    • if write permissions are not granted on a file/folder, deletion shall not be available
    • if permissions are only granted for some of the folders or files in the requested directory, folders or files without permissions shall not be listed
    • and so on ...
  5. when storage deletion is requested, all path permissions shall be removed as well.

  6. a new API method to load users or groups that have path permissions for the specified storage:
    GET /datastorage/<storageID>/paths/permissions/sids
    # Response Body
    [
      {
        "name": "USER",
        "principal": true
      },
      {
        "name": "GROUP",
        "principal": false
      }
    ]

This method shall be available for admins and storage owners.

  7. a new API method to delete storage path permissions for specified users or groups by storage ID:
    DELETE /datastorage/<storageID>/paths/permissions
    # Request Body
    [
      {
        "name": "USER",
        "principal": true
      },
      {
        "name": "GROUP",
        "principal": false
      }
    ]

If no request body is provided, all storage path permissions shall be removed.
This method shall be available for admins and storage owners.

  8. new API methods for admins/owners management shall be implemented. These methods shall provide the ability to manipulate path permissions from the GUI.
    • load permissions for storage, user/group (TBD: path)

Pipe CLI part

  1. pipe storage mount shall respect granted path permissions. These permissions shall be refreshable.
  2. other pipe storage methods shall also respect granted path permissions.
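
The listing and deletion rules in the proposal above, as an added example (not Cloud Pipeline code and not part of the issue): it evaluates entries shaped like the GET /datastorage/<storageID>/paths/permissions response. Assumptions: READ = 1 and WRITE = 4 as mask bits, a folder grant covers everything beneath it, folders on the way to a granted path stay listable, and all function names are hypothetical.

```python
from posixpath import normpath

READ, WRITE = 1, 4  # assumed bit values; the issue only shows masks 1 and 5

# Constructed sample in the shape of the proposed GET response.
GRANTS = [
    {"fileName": "file.txt", "mask": 1, "folderPath": "path/to/folder"},
    {"mask": 5, "folderPath": "path/to/other"},
]

def _norm(path):
    # Collapse "." and ".." before matching so a path such as
    # "path/to/other/../folder/x" cannot borrow the grant on "path/to/other".
    return normpath("/" + path).strip("/")

def _grant_path(grant):
    parts = [grant["folderPath"]]
    if grant.get("fileName"):
        parts.append(grant["fileName"])
    return _norm("/".join(parts))

def effective_mask(grants, path):
    """OR together every grant on the path itself or on an enclosing folder."""
    target = _norm(path)
    mask = 0
    for g in grants:
        gp = _grant_path(g)
        is_folder = not g.get("fileName")
        # Compare whole segments: "path/to/other" must not match "path/to/otherstuff".
        if target == gp or (is_folder and target.startswith(gp + "/")):
            mask |= g["mask"]
    return mask

def can_delete(grants, path):
    """Deletion requires the WRITE bit (assumed semantics)."""
    return bool(effective_mask(grants, path) & WRITE)

def visible_children(grants, folder, children):
    """Keep children that are readable or that lead to a granted path."""
    base = _norm(folder)
    kept = []
    for name in children:
        child = _norm(base + "/" + name)
        readable = effective_mask(grants, child) & READ
        leads_to_grant = any(_grant_path(g).startswith(child + "/") for g in grants)
        if readable or leads_to_grant:
            kept.append(name)
    return kept
```
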