Create per stable repository ACL

We need a finely grained access control setup, that can be enforced per stable repository.

This system is meant to provide general access for binary repository actions (such as add, move, remove) to packagers. The ACLs do not need to be as specific to grant a user only one of the actions though!

The system should be manageable by configuration file (for a first PoC), but be built with extensibility in mind (as we will want to be able to manage this system via keycloak).

In future setup scenarios we may even want to enforce ACLs on basis of a pkgbase (when thinking of scenarios in which packagers should only have access to a predefined group of packages). This is out-of-scope for this initial PoC though!