Investigate separation of public, private, and shared assets

[samtuke]

Some access control use cases would be simplified if assets with different security contexts were grouped and separated (e.g. public subscribe paths, admin paths, and items shared by both). In phpList 3 these assets are generally directory based, with routes corresponding to directories. In phpList 4 it may be convenient to use routes to enable web-server based access control based on such routes.

Further investigation of this possibility is required.

Requested in https://github.com/phpList/phplist3/issues/336#issuecomment-401683438