Add auditor_role for projects and inventory

[AlanCoding]

ISSUE TYPE

• Bug Report

SUMMARY

Users with admin_role to a project do not have permission to see all the job templates that employ that project. Yet, organization auditor_role will get permission to view those templates.

If we were to add auditor_role to projects, then we would be able to surface this mechanism to users.

ENVIRONMENT

• AWX version: 4.0.0
• AWX install method: openshift, minishift, docker on linux, docker for mac, boot2docker
• Ansible version: X.Y.Z
• Operating System:
• Web Browser:

STEPS TO REPRODUCE

Create a project, grant userA admin_role, grant other users use_role

Have those other users create new job templates with project

EXPECTED RESULTS

Expect userA to see job templates created with that project

ACTUAL RESULTS

userA cannot see any job templates, or jobs.

ADDITIONAL INFORMATION

#3629 is my reason for filing this.

Corresponding to this change, we should offer "audit" entry in user_capabilities for projects, avoiding extra legwork by the client to determine who can and cannot attach a notification template.

It would also make the permissions rules for Notification Templates more simply explainable. Auditor role will be necessary for the resource, notification_admin_role for the notification template, and if auditor role is not present for the resource, read role will suffice.

Ping @wenottingham @mabashian

[AlanCoding]

Also relevant to #3903, and is kicked of out scope of that feature for now.

[gamuniz]

closing per @AlanCoding