Normalise grants and roles tables to improve grants query performance

[mikemountain]

trafficstars

When querying the database for whether a requesting user is authorised to perform a requested action on a requested resource, the query to fetch the user's grants would become slow and CPU intensive due to the number of results being returned for each scope when resolving descendants and children keywords.

The changes in this feature include migrating the iam_role_grant_scopes table to new tables iam_role_global, iam_role_org, iam_role_project, iam_role_global_individual_org_grant_scope, iam_role_global_individual_project_grant_scope, and iam_role_org_individual_grant_scope, making db access and returns more performant, as well as creating a new table iam_grant, migrated from iam_role_grant for all distinct canonical_grants.

Grant fetches are now optimised by filtering based on the resource type and request scope, utilising keywords such as individual.