Revisit pipeline command-related permissions

[christophermaier]

This was a left-over nice-to-have from #1320:

Revisit permissions - Currently any user can view the pipeline history
for any other user. LIkewise any user can kill any other user's executing
pipelines. I'm not sure this is the desired behavior. I can make convincing 
arguments for both sides.

[kevsmith]

I think we'd like to lock down exactly who can see other users' histories and pipelines. We don't have an easy way to express this via rules currently, sadly. I think the expedient thing to do is:

1. Allow any user to view their own histories and manage their own pipelines.
2. Allow only members of the cog-admins group to view other users' histories manage other users' pipelines.

Alternatively we could add two new permissions, operable:view-user-history and operable:manage-user-pipeline, and limit access to other users' histories and pipelines to only users who have these permissions.

In any case we'll have to hard code these checks into the relevant commands since the rule language doesn't have a way to express data ownership. While a little hacky I think this is acceptable since the history and pipeline commands are part of the embedded bundle.