Feature: Implement User Groups

[geetxnshgoyal]

Change(s)

Change Type: Added

Change Category: Internal

Changelog Entry: Support for User Groups Authorization

Adds the UserGroup and UserGroupMembership models to support user groups in the AIoD metadata catalogue. Adds CRUD endpoints for user groups (/user_groups) and extends the core application permissions (_user_has_permission, /assets/permissions, mapping routes) to seamlessly grant resource permissions if any of an authenticated user's groups have access to it.

How to Test

1. Check out the branch and build the DB using alembic upgrade head or starting from scratch with the docker-compose setup.
2. Ensure you have Keycloak users setup.
3. Use the /user_groups POST endpoint to create a group as an ADMIN.
4. Add user A to the new group.
5. Create a resource with user B, and grant the newly created group READ permission on the resource using POST /assets/permissions.
6. Authenticate as user A and verify they can fetch user B's resource.

Checklist

• Tests have been added or updated to reflect the changes, or their absence is explicitly explained.
• Documentation has been added or updated to reflect the changes, or their absence is explicitly explained.
• A self-review has been conducted checking:
  • No unintended changes have been committed.
  • The changes in isolation seem reasonable.
  • Anything that may be odd or unintuitive is provided with a GitHub comment explaining it (but consider if this should not be a code comment or in the documentation instead).
• All CI checks pass before pinging a reviewer, or provide an explanation if they do not.
• The PR title matches the changelog entry's one-line description.

Related Issues

Closes #660