Separate auth groups permissions can be configured to distinguish whether
logged in users can submit reports and tag images.

Note that this keeps current behaviour to only allow users to login if the user
belongs to a configured auth-group, as well as to always allow users to view results
and testcases if the always-require-login config option is disabled.

If an user tries to login and doesn't belong to any of the configured auth groups,
the login will fail and the user will be redirected to the login page.

Attempting to send a POST request to the endpoints used to submit reports
and/or tag images will fail with 403 (Forbidden) if the user doesn't belong to any
configured auth group that has the corresponding extra permissions.

Note that an empty configuration (default) for the auth-groups means that any user
with the right credentials can login and also submit reports and tag images.

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>