API permissions - for all pages: implement smart role selection

[tpurschke]

If an uiuser has multiple roles make sure that the best matching role is set in http header:

• For each page set a list of all roles in order of suitability for the page.
• When a user enters a page, select the top role of the user's roles and set this in http header.
• Display a drop-down list of the user's roles in the nav-bar next to the username. Here the user can manually switch to another role.

[tpurschke]

The existing role selection mechanism seems to have sporadic issues. Sometimes the log says, that the correct role was chosen (e.g. auditor) but the (permitted) api call fails due to the requested value not being present.