Whamcloud - gitweb
LU-3866 hsm: permission checks on HSM operations 65/7565/3
author John L. Hammond <john.hammond@intel.com>
Thu, 5 Sep 2013 17:44:27 +0000 (12:44 -0500)
committer Oleg Drokin <oleg.drokin@intel.com>
Tue, 8 Oct 2013 16:04:08 +0000 (16:04 +0000)
commit 13787b1d87b10c693db274c4d2b718e75e88c12f
tree 9ba3e7392f8ef6eeacca9ff4974c2d3ea2338e9a
parent e789a35352c78efca8c6ce0d7a4d0a84429072ce
LU-3866 hsm: permission checks on HSM operations

In the LL_IOC_HSM_CT_START case of ll_dir_ioctl() require
CAP_SYS_ADMIN, since the local handler for this ioctl may modify the
global KUC table.

In the MDC HSM handlers that do not pack a real suppgid, use -1 rather
than 0 for the suppgid in mdt_body.

In mdt_hsm_release() and the MDT HSM RPC handlers require a
read-write client mount for all operations except restore, get HSM
state, and get HSM actions.  Require CAP_SYS_ADMIN for
MDS_HSM_PROGRESS, MDS_HSM_CT_REGISTER, and
MDS_HSM_CT_UNREGISTER. Require CAP_SYS_ADMIN in mdt_hsm_state_set()
for setting flags not in HSM_USER_MASK.

Add per-coordinator bit masks (cdt_{user,group,other}_request_mask)
indexed by the HSMA constants to govern permissions on the various
request types. By default each mask is set to allow restore only.
Add files /proc/fs/lustre/mdt/*/hsm/{user,group,other}_request_mask to
get and set these masks.

Signed-off-by: John L. Hammond <john.hammond@intel.com>
Change-Id: Ifcb3c0950ebb11187cce62f15abbe8746f1ff7c2
Reviewed-on: http://review.whamcloud.com/7565
Tested-by: Hudson
Tested-by: Maloo <whamcloud.maloo@gmail.com>
Reviewed-by: Aurelien Degremont <aurelien.degremont@cea.fr>
Reviewed-by: Faccini Bruno <bruno.faccini@intel.com>
Reviewed-by: Jinshan Xiong <jinshan.xiong@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
lustre/llite/dir.c
lustre/mdc/mdc_request.c
lustre/mdt/mdt_coordinator.c
lustre/mdt/mdt_hsm.c
lustre/mdt/mdt_hsm_cdt_client.c
lustre/mdt/mdt_internal.h
lustre/mdt/mdt_mds.c
lustre/mdt/mdt_open.c
lustre/tests/sanity-hsm.sh
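
The per-coordinator request masks described in the commit message, modeled as an added example (not code from this commit or from Lustre). The numeric HSMA values, the `caller` and `file_attr` structs, the owner/group/other selection order and the CAP_SYS_ADMIN bypass are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>

/* Constructed stand-ins for the HSMA constants; the values are assumptions. */
enum hsm_action { HSMA_ARCHIVE, HSMA_RESTORE, HSMA_REMOVE, HSMA_CANCEL };

/* Mask names follow the commit message's cdt_{user,group,other}_request_mask. */
struct coordinator {
	uint64_t cdt_user_request_mask;
	uint64_t cdt_group_request_mask;
	uint64_t cdt_other_request_mask;
};
/* Hypothetical descriptions of the requester and of the target file. */
struct caller { uint32_t uid, gid; bool cap_sys_admin; };
struct file_attr { uint32_t uid, gid; };

/* Default from the commit message: every class may request restore only. */
static void cdt_init_masks(struct coordinator *cdt)
{
	cdt->cdt_user_request_mask = cdt->cdt_group_request_mask =
		cdt->cdt_other_request_mask = UINT64_C(1) << HSMA_RESTORE;
}

/* 0 if allowed, -EPERM if not. Assumed order: owner, then group, then other. */
static int hsm_request_permitted(const struct coordinator *cdt, const struct caller *c,
				 const struct file_attr *f, enum hsm_action action)
{
	uint64_t mask = cdt->cdt_other_request_mask;

	if (c->cap_sys_admin)	/* assumed: CAP_SYS_ADMIN skips the masks */
		return 0;
	if (c->uid == f->uid)
		mask = cdt->cdt_user_request_mask;
	else if (c->gid == f->gid)
		mask = cdt->cdt_group_request_mask;
	return (mask & (UINT64_C(1) << action)) ? 0 : -EPERM;
}

int main(void)
{
	struct coordinator cdt;
	struct caller owner = { 1000, 100, false };
	struct file_attr f = { 1000, 100 };
	cdt_init_masks(&cdt);
	cdt.cdt_group_request_mask |= UINT64_C(1) << HSMA_ARCHIVE;
	/* The owner class matches first, so the wider group mask is not used. */
	return hsm_request_permitted(&cdt, &owner, &f, HSMA_ARCHIVE) == -EPERM ? 0 : 1;
}
```

Under the assumed selection order, widening only the group mask leaves the file owner restricted to the user mask, so an administrator opening up an action has to set each class it should apply to.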