authorization scheme for permissions to edit collections and icons

[ischneider]

Proposed:

add the following fields (where user_model = settings.AUTH_USER_MODEL)

IconData
editor = ForeignKey(user_model)

Icon
creator = ForeignKey(user_model)

Collection
members = ManyToMany(user_model)

Default authorization rules:

• user is superuser
• user is creator of Icon or IconData.icon
• user is in Icon or IconData.icon Collection.members

The authorization module should be swappable to allow downstream projects to do as they see fit.