Roles and Authorizations

[blue-note]

We have the growing need to have a unified scheme for designating different types of roles and permissions in a DAO. Examples include:

• The ability to create a proposal to upgrade code while pausing a DAO in the event of a known security vulnerability
• Delegating the ability to change a staking contract's config (such as unstaking duration) to a contract "manager"
• A DAO delegating the ability to auto-migrate its code to a subDAO or bot when there is new code to consume (can consume updates pushed by code-id dao, for example!)
• More generically, a subDAO having control over a subset of actions that its parent DAO can take
• The ability for a DAO to create its own 'roles' (which can be implemented as multisigs and can then be assigned permissions) and then assign these to users

The goal of this doc is to flesh out which kinds of standard roles and permissions we want to support, and how they can be implemented using the in-development authorization middleware.

[nicolaslara]

It would be great if we could write these as tests. If anyone wants to give it a shot but is unsure about assigning the right permissions, feel free to write failing tests that assume an account has the right permissions, and I'll add the auths to make it pass.