Robust, simple and easy to reason about authz service / domain
Created by: tsenart
Context
- Specially important given the advent of private code in sourcegraph.com
- The direct SQL integration is easy to skip and produces hard to debug queries.
- We need robust, but still performant service with a clear public API that's easy to audit and test for correctness.
- We need to make it very hard for new developers to skip authorization when writing new code.
- Needed for Sophisticated Role Based Permissions.
- Model code structure based on RFC 348 - Backend Code Structure