feat: Add rbac for config policies

[salonig23]

Ticket

CM-420

Description

Add RBAC permissions for modify and view config policies at the global and workspace levels.

Test Plan

CI passes

Checklist

• Changes have been manually QA'd
• New features have been approved by the corresponding PM
• User-facing API changes have the "User-facing API Change" label
• Release notes have been added as a separate file under docs/release-notes/
  See Release Note for details.
• Licenses have been included for new code which was copied and/or modified from any external code

[netlify]

✅ Deploy Preview for determined-ui ready!

Name	Link
🔨 Latest commit	e0b2b40
🔍 Latest deploy log	https://app.netlify.com/sites/determined-ui/deploys/66d888f72c49340008c1c4b9
😎 Deploy Preview	https://deploy-preview-9873--determined-ui.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 54 lines in your changes missing coverage. Please review.

Project coverage is 54.68%. Comparing base (0a18c5a) to head (e0b2b40).

Files with missing lines	Patch %	Lines
master/internal/workspace/authz_rbac.go	0.00%	18 Missing ⚠️
master/internal/cluster/authz_rbac.go	0.00%	12 Missing ⚠️
master/internal/cluster/authz_basic_impl.go	0.00%	6 Missing ⚠️
master/internal/cluster/authz_permissive.go	0.00%	6 Missing ⚠️
master/internal/workspace/authz_basic_impl.go	0.00%	6 Missing ⚠️
master/internal/workspace/authz_permissive.go	0.00%	6 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #9873      +/-   ##
==========================================
- Coverage   54.71%   54.68%   -0.03%     
==========================================
  Files        1261     1261              
  Lines      156756   156810      +54     
  Branches     3597     3597              
==========================================
- Hits        85770    85755      -15     
- Misses      70855    70924      +69     
  Partials      131      131              

Flag	Coverage Δ
backend	45.21% <0.00%> (-0.08%)	⬇️
harness	72.62% <ø> (ø)
web	54.43% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
master/internal/cluster/authz_basic_impl.go	18.51% <0.00%> (-5.30%)	⬇️
master/internal/cluster/authz_permissive.go	3.57% <0.00%> (-0.98%)	⬇️
master/internal/workspace/authz_basic_impl.go	1.47% <0.00%> (-0.15%)	⬇️
master/internal/workspace/authz_permissive.go	1.42% <0.00%> (-0.14%)	⬇️
master/internal/cluster/authz_rbac.go	1.58% <0.00%> (-0.38%)	⬇️
master/internal/workspace/authz_rbac.go	0.33% <0.00%> (-0.03%)	⬇️

... and 6 files with indirect coverage changes

[kkunapuli]

This is just for my own knowledge - why do we have a function for viewing the policies if access is always allowed?

[salonig23]

from my understanding, if we want to change who has those permissions it will be easier in the future, or if we want to add a feature to allow the admin to configure which user has which permissions, it would be easier if we already check this permission in the API handler

[kkunapuli]

LGTM! Looks like an rbac test may be failing? Not sure if it's related or not.