New workspace ACL endpoints

[aslilac]

// @Router /workspaces/{workspace}/acl [get]
// @Success 200 {object} codersdk.WorkspaceACL
type WorkspaceACL struct {
	Users  []WorkspaceUser  `json:"users"`
	Groups []WorkspaceGroup `json:"group"`
}

type WorkspaceGroup struct {
	Group
	Role WorkspaceRole `json:"role" enums:"admin,use"`
}

type WorkspaceUser struct {
	User
	Role WorkspaceRole `json:"role" enums:"admin,use"`
}

// @Router /workspaces/{workspace}/acl [patch]
// @Param request body codersdk.UpdateWorkspaceACL true "Update workspace ACL"
// @Success 204
// UpdateWorkspaceACL is based on the UpdateTemplateACL type already used in the
// API.
type UpdateWorkspaceACL struct {
  // Keys must be valid UUIDs. To remove a user/group from the ACL use "" as the
  // role name (available as a constant named `codersdk.WorkspaceRoleDeleted`)
	UserRoles  map[string]WorkspaceRole `json:"user_roles,omitempty"`
	GroupRoles map[string]WorkspaceRole `json:"group_roles,omitempty"`
}
// Other designs were considered (using lists of objects instead of simple
// string-to-string pairs, having separate groups to represent adding and
// removing, but consistency with the existing template ACL APIs seems more
// valuable and objective than any alternatives. As is often the case with Go,
// it's simple and good enough!

type WorkspaceRole string

const (
	WorkspaceRoleAdmin   WorkspaceRole = "admin"
	WorkspaceRoleUse     WorkspaceRole = "use"
	WorkspaceRoleDeleted WorkspaceRole = ""
)

// @Router /workspaces/{workspace}/acl [delete]
// @Success 204
// Completely clears the user and group ACLs.