Fix ACL and Authz for Group Roots/Contexts

[lyzadanger]

h.models.groups has an __acl__ method in it, which breaks the pattern for using Pyramid traversal for ACL/authz pertaining to resources. This is confusing and hard to maintain. ACLs should be within h.traversal where possible.

We already know (it's been commented for a while) that h.traversal.Roots.GroupRoot should return a GroupContext, not a group model. Fixing that and applying the "factory" more consistently would allow us to manage the ACL on GroupContext instead of in the group model.

This isn't terrifically complex, but does require touching the code in a bunch of places where a model is assumed instead of a context from GroupRoot.