new strategy on access control

Access control is easy to get wrong. And if it is wrong, its a real mess. It is unlikely that I can get it right all in one go, and the specs still have not stabalized.

So I'm going to try implementing access control in easy stages. The first step is securing the Ark-level. Only AdMin can create Cabinets, post Cabinets and rename Cabinets.

The second step will be to secure the Cabinet-level. A Cabinet with a tag of "Private" can not be viewable or in any way accessible except to users known to the Cabinet. I think I can do this with reasonable speed, though t, s and other commands will be a bit slower.

I'm not sure yet how we can split up the rest of access control at this point, but perhaps breaking out these two steps will be a good start.