services/security/role: Add role server

This change adds the new role server and adds an option to vrun to run
commands using role blessings.

Each role has its own configuration file. The config file specifies a
list of members, i.e. who's allowed to use the role, in the form of a
set of blessing patterns. It also specifies 3 attributes that affect how
the role blessings are created:
  - Audit (bool): indicates that blessings will have a third-party
    caveat that will allow auditting of all uses.
  - Expiry (time.Duration string): the blessings will have an expiry
    caveat with expiry = now + value. An empty value removes the caveat.
  - Extend (bool): indicates that the blessing names will be extended
    with the full blessing name of the caller.

The blessing names that the role server returns look like:
  <server's blessing name> / <role> [ / <caller's blessing name> ]

There are two main use-cases for roles:
  - To use with access control, similar to a group membership. In this
    case, the service will use "root/roleserver/role" as blessing
    pattern, and the role config will have Extend=true.
  - To claim/bless a device or an application. Here, we need
    Extend=false, and no expiry (or a long one).

Note: The auditting / third-party caveat part is incomplete and will
require some changes in the security API to implement properly.

Change-Id: I1bc792c8c2e9e7522d8847580e7639a7f60f9f39
16 files changed