
Rework default permissions

Open winged opened this issue 3 years ago • 0 comments

During discussion of #1510, a discussion came up regarding our default permissions.

Right now, Caluma in its pristine configuration allows every operation to every user. This is awesome for "playground" installations, where we don't want to stand in the way of people trying out things.

However, when switching to "production mode", the defaults should be "closed-by-default": users should only be able to perform the operations that they're explicitly allowed to.

Thus, we should rework the permissions code as follows: When no permission is given, the has_permission() and has_object_permission() methods shall return False.

I think that the configured default permission, AllowAny, still has its merits. We can implement it in such a way that it implements a method for every mutation type, returning True for all of them. This way, users can implement their permission classes in two ways:

  • Subclass BasePermission, explicitly allowing only what they need to allow
  • Consciously subclass AllowAny, which implies that anything not specified is explicitly allowed.

winged, Jul 12 '21 15:07
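The closed-by-default design proposed in the issue, as an added standalone sketch (not Caluma's code and not from the issue author). It does not import Caluma: the `permission_for` marker, the mutation names, the `user` dict and the two example subclasses are all hypothetical, and only `has_permission()` is modelled; `has_object_permission()` would follow the same lookup.

```python
# Standalone sketch: does not import Caluma. Mutation names are constructed.
MUTATIONS = ("SaveForm", "SaveDocument", "CompleteWorkItem")  # hypothetical


def permission_for(*mutations):
    """Mark a method as the permission check for the named mutation types."""
    def mark(fn):
        fn._mutations = mutations
        return fn
    return mark


class BasePermission:
    """Closed by default: a mutation without an explicit check is denied."""

    def _checks(self):
        # Collect marked methods across the MRO; subclass checks override.
        found = {}
        for klass in reversed(type(self).__mro__):
            for attr in vars(klass).values():
                for name in getattr(attr, "_mutations", ()):
                    found[name] = attr
        return found

    def has_permission(self, mutation, user):
        check = self._checks().get(mutation)
        return bool(check(self, mutation, user)) if check else False


class AllowAny(BasePermission):
    """Open by default: one check covering every known mutation type."""

    @permission_for(*MUTATIONS)
    def allow(self, mutation, user):
        return True


class ProductionPermission(BasePermission):  # explicit allow-list
    @permission_for("SaveDocument")
    def can_save_document(self, mutation, user):
        return user.get("authenticated", False)


class PlaygroundPermission(AllowAny):  # open, with one restriction
    @permission_for("SaveForm")
    def can_save_form(self, mutation, user):
        return "admin" in user.get("groups", ())
```

Because `AllowAny` enumerates the known mutation types rather than answering True unconditionally, a mutation type that is not in the list is still denied, even for `AllowAny` subclasses.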