Origin/18124 custom role feature

[maxgraustenzel-create]

This change adds custom roles to harbor.

IMPORTANT: This is a POC, the feature is not finalized. The goal is to have some discussion about the proposed design before finalizing the implementation.

Directly Solved Issues:

#18124 RBAC - be able to create a custom role
#18143 Create custom project roles
#21222 Add role for security auditor
#15711 Add a readonly admin role in Harbor
#12062 Make permission system more fine-grained
#21306 - Read-only auditor role (December 2024 - very recent!)
#8632 - Limited guest role
#1486 - Guest shouldn't see all members (from 2016!)
...

Partially Solved Issues:

#10159 - Repository-level permissions (48 👍 - highest demand!)
...

Design changes :

• Store permissions in role_permission and permission_policy table (from rbac_role.go, migration with init_permissions.sql)
• Permission management functionality for the system administrator (swagger + ui)
• Dynamic permission selection when adding members
• Caching of role permissions for the user and session in rbac_user.go (contains now the roles object as part of session with the associated permissions)

TODO (Partial):

• Bugs (display, translation, ...)
• Implement security (avoid escalation when creating robots and assigning other members)
• Implement testcases

For more details:

Harbor_Custom_Roles_CURRENT_STATUS.md
Harbor_Custom_Roles_Documentation.pdf
https://claude.ai/share/98f704a9-f643-41d6-828e-f2afc81e68bf

[chlins]

@maxgraustenzel-create Please first submit a proposal in the community repository for discussion.

[github-actions]

This PR is being marked stale due to a period of inactivty. If this PR is still relevant, please comment or remove the stale label. Otherwise, this PR will close in 30 days.

[Max-303]

@maxgraustenzel-create Please first submit a proposal in the community repository for discussion.

This is the proposal:
goharbor/community#276