This commit replaces the 'permissions' service with a minimal
implementation which supports only what is required by the
actual permissions model in the client and service, rather than
all the possible permissions implied by the structure of the
`permissions` field.

In the client and service, annotations are simply "shared" or "private":

 "private" annotations can be read, updated and deleted only by
 their creator.

 "shared" annotations can additionally be read by everyone in the group
 that the annotation is associated with.