App permissions should include user/org context

[jace]

When assigning permissions to an app, an optional context (where context is an org) will help teams other than the Owners team become meaningful. Team access rights should be in Lastuser, not in individual apps. Org as context solves for the most common, recurring problem scenario.

These permissions should be assignable by an Org owner, and org owners should not be able to assign permissions like 'siteadmin', so:

1. Apps should declare a safe list of permissions that can be assigned to teams or users with org context,
2. Since this data is an app resource, apps should get a new API endpoint for retrieving this data, and
3. This data should also be supplied in the userinfo on login.

As a consequence, apps that have limited use for the Team model can now lose it.

[jace]

Deprecated since we've decided against hosting contexts in Lastuser. Even organizations are going away from Lastuser as of #232.