This adds the basic framework for registering and using default policy
rules. Rules should be defined and returned from a module in
nova/policies/, and then added to the list in nova/policies/__init__.py.
A new context.can() method has been added for policy enforcement of
registered rules. It has the same parameters as the enforce() method
currently being used.
To establish the full pattern for usage the policy checks in the servers
API module have been registered and converted to the new usage.
Now that some policy checks are registered they're being used properly
by tests. Some tests have been updated so that the instance project_id
matches the context project_id in order to pass the 'admin_or_owner'
check.
Change-Id: I71b3d1233255125cb280a000b990329f5b03fdfd
Partially-Implements: bp policy-in-code
19f9a4bbd4