feat(admin): add per-user permission control by the system admins

[bobbai00]

What changes were proposed in this PR?

Add a new column in the user table called permission. This column stores what features user can use as a json string. This can open some sensitive features for only certain users controlled by the admin.

Here is the demo:

Any related issues, documentation, discussions?

Close #3946

How was this PR tested?

Was this PR authored or co-authored using generative AI tooling?

No

[Yicong-Huang]

@bobbai00 could you please use our PR template? Also, I think it's better to include some diagrams, it is hard for me to understand this change right now.

[Yicong-Huang]

sorry I think I will have to -1 on this.

I am concerned about the naming permission as well as its design. I thought in another context, in the design of access control, we want have a permission relationship from user to resources. This implementation realizes permission, but seems to be another definition, it is more of a boolean value configuration, true/false to all computing units. This is not consistent with our design.

I suggest

1. we add permission to specific resource (i.e., Computing Unit) management page (if we have one or building one), and for each resource, we should have a way for user to change permission to it.
2. If we want to have a global flag for admin to configure if a particular user can ssh to computing units or not, create a column called configs BLOB in user table to store a json, and make this ssh-accessible as one of the json keys.

[chenlica]

@bobbai00 Based on the experience of another permission-related topic, I think we don't need this feature any more, right?

@aicam and @kunwp1 You were assigned as reviewers. In general, please take care of such tasks timely.