UI: Add capabilities service

[hellobontempo]

Description

Since we're moving away from checking capabilities in the ember data model, this adds a new capabilities service so permissions checks can happen more readily anywhere in the codebase.

sample implementation

export default class MyClass extends Component {
  @service capabilities;
  
  backend = 'my-engine';
  path = 'my-secret';

  get canRead() {
     return this.capabilities.canRead(`${this.backend}/data/${this.path}`),
  }
}

TODO only if you're a HashiCorp employee

• [ ] Backport Labels: If this PR is in the ENT repo and needs to be backported, backport
  to N, N-1, and N-2, using the backport/ent/x.x.x+ent labels. If this PR is in the CE repo, you should only backport to N, using the backport/x.x.x label, not the enterprise labels.
  • [ ] If this fixes a critical security vulnerability or severity 1 bug, it will also need to be backported to the current LTS versions of Vault. To ensure this, use all available enterprise labels.
• [ ] ENT Breakage: If this PR either 1) removes a public function OR 2) changes the signature of a public function, even if that change is in a CE file, double check that applying the patch for this PR to the ENT repo and running tests doesn't break any tests. Sometimes ENT only tests rely on public functions in CE files.
• [ ] Jira: If this change has an associated Jira, it's referenced either in the PR description, commit message, or branch name.
• [ ] RFC: If this change has an associated RFC, please link it in the description.
• [ ] ENT PR: If this change has an associated ENT PR, please link it in the description. Also, make sure the changelog is in this PR, not in your ENT PR.