usermanager: Fix method name of global authz provider (thanks Zash)

usermanager: Remove obsolete function from global authz provider

features: Add "permissions" feature for role-auth

usermanager: Handle local JIDs being passed to get/set_jid_role() There is no reasonable fallback for set_jid_role() because users may have multiple roles, so that's an error.

core.usermanager: Add missing stub authz methods to global authz provider Except, should we have a global authz provider at all?

moduleapi: Stricter type check for actor in permission check Non-table but truthy values would trigger "attempt to index a foo value" on the next line otherwise

moduleapi: Remove redundant expansion of ':' prefix in permission names

moduleapi: Distribute permissions set from global modules to all hosts Roles and permissions will always happen in the context of a host. Prevents error upon indexing since `hosts["*"] == nil`

mod_tokenauth: New API that better fits how modules are using token auth This also updates the module to the new role API, and improves support for scope/role selection (currently treated as the same thing, which they almost are).

mod_authz_internal: Use util.roles, some API changes and config support This commit was too awkward to split (hg record didn't like it), so: - Switch to the new util.roles lib to provide a consistent representation of a role object. - Change API method from get_role_info() to get_role_by_name() (touches sessionmanager and usermanager) - Change get_roles() to get_user_roles(), take a username instead of a JID This is more consistent with all other usermanager API methods. - Support configuration of custom roles and permissions via the config file (to be documented).