Allow finer grain permission control

[tadhgboyle]

Taking inspiration from XF and Discord permission system:

• Allow/Abstain/Deny permissions on a per-user basis
• Groups can also Allow/Abstain/Deny permissions

Permission check flow would go:

1. Check if user has it explicitly set to Allow/Deny and use that value
   • If user does not have it explicitly set to anything ("Abstain"), continue to groups
2. For each of their groups (sorted by order), perform the same check - see if explicitly set and if not, continue to next group