Add access control to credentials based on group membership

[GarretReece]

This PR adds a groups field to credentials. If a user is not in one of the groups associated with a credential then they will be unable to interact with the credential.

This PR picks up from the work in PR #289, updated to the current structure for Confidant, and adds multi group support.