Adding cinder policy rules file for policy checks. Implementing
rule checks as well. Some cinder API calls actually hit nova, so
adding those calls as well.
Also a couple of improvements to the Horizon policy engine. First,
now providing the token scope project_id and user_id as targets by
default, unless otherwise specified. Most service policy rules
check on or both of these. Second, checking to see if rule exists,
before attempting enforcement. If the rule does not exist, using
the default rule for that service. This now matches what the
service policy engines do.
Implements: blueprint block-rbac
Change-Id: Ifef08b8975280f4e621ba8eebec9d405e1e870a2