Add new system group for project owners

Add a new system group 'Project Owners' that permits all owners of a project.
The 'Project Owners' group is always evaluated in the context of a project,
meaning that all rights assigned to the 'Project Owners' group are resolved to
rights for the concrete groups owning the project.
This new group makes it easy for Gerrit administrators to configure a default
access configuration for new projects and so the creation of new projects gets
easier and faster.

As an example let's assume that by default for new projects we want to allow
all project owners to push tags and to vote -2/+2 for Code Review, -1/+1 for
Verified and to submit. Before this change the steps to do this were:
1. Creation of a new group for the team that owns the project, 'Team X' (if not
   already existing)
2. Creation of a new project 'Project Y' with group 'Team X' as project owner.
3. Assigning for 'Project Y' 'Push Tag +2' privilege to 'Team X'
4. Assigning for 'Project Y' 'Code Review -2/+2' privilege to 'Team X'
5. Assigning for 'Project Y' 'Verified -1/+1' privilege to 'Team X'
6. Assigning for 'Project Y' 'Submit +1' privilege to 'Team X'

With the introduction of the 'Project Owner' group things get easier. A Gerrit
Administrator can assign the deault privileges ONCE on a parent project,
e.g. '-- All Projects --', to the 'Project Owners' group.
1. Assigning for '-- All Projects --' 'Push Tag +2' privilege to
   'Project Owners'
2. Assigning for '-- All Projects --' 'Code Review -2/+2' privilege to
   'Project Owners'
3. Assigning for '-- All Projects --' 'Verified -1/+1' privilege to
   'Project Owners'
4. Assigning for '-- All Projects --' 'Submit +1' privilege to 'Project Owners'

Then the creation of new projects can be done very easily within 1 or 2
commands from the command line:
1. Creation of a new group for the team that owns the project, 'Team X' (if not
   already existing)
2. Creation of a new project 'Project Y' with group 'Team X' as project owner.
'Project Y' will inherit the rights assigned to the group 'Project Owner' which
will be resolved for 'Project Y' to rights for the group 'Team X' which is
owning 'Project Y'.

Signed-off-by: Edwin Kempin <edwin.kempin@gmail.com>
Change-Id: Ia233a1ae9138b833aab5d5a53525bbdf6539580e

gerrit-server/src/test/java/com/google/gerrit/server/project/RefControlTest.java

@@ -191,18 +191,21 @@ public class RefControlTest extends TestCase {
   private final AccountGroup.Id admin = new AccountGroup.Id(1);
   private final AccountGroup.Id anonymous = new AccountGroup.Id(2);
   private final AccountGroup.Id registered = new AccountGroup.Id(3);
+  private final AccountGroup.Id owners = new AccountGroup.Id(4);
 
-  private final AccountGroup.Id devs = new AccountGroup.Id(4);
-  private final AccountGroup.Id fixers = new AccountGroup.Id(5);
+  private final AccountGroup.Id devs = new AccountGroup.Id(5);
+  private final AccountGroup.Id fixers = new AccountGroup.Id(6);
 
+  private final SystemConfig systemConfig;
   private final AuthConfig authConfig;
   private final AnonymousUser anonymousUser;
 
   public RefControlTest() {
-    final SystemConfig systemConfig = SystemConfig.create();
+    systemConfig = SystemConfig.create();
     systemConfig.adminGroupId = admin;
     systemConfig.anonymousGroupId = anonymous;
     systemConfig.registeredGroupId = registered;
+    systemConfig.ownerGroupId = owners;
     systemConfig.batchUsersGroupId = anonymous;
     try {
       byte[] bin = "abcdefghijklmnopqrstuvwxyz".getBytes("UTF-8");
@@ -268,9 +271,15 @@ public class RefControlTest extends TestCase {
   }
 
   private ProjectControl user(AccountGroup.Id... memberOf) {
+    RefControl.Factory refControlFactory = new RefControl.Factory() {
+      @Override
+      public RefControl create(final ProjectControl projectControl, final String ref) {
+        return new RefControl(systemConfig, projectControl, ref);
+      }
+    };
     return new ProjectControl(Collections.<AccountGroup.Id> emptySet(),
-        Collections.<AccountGroup.Id> emptySet(), new MockUser(memberOf),
-        newProjectState());
+        Collections.<AccountGroup.Id> emptySet(), refControlFactory,
+        new MockUser(memberOf), newProjectState());
   }
 
   private ProjectState newProjectState() {