Make permission framework aware of deactivated users

[jacobtylerwalls]

The User model has an is_active flag to allow admins to soft-delete a user by revoking their access without actually removing them and their associated data from the system.

The default ModelBackend authentication backend already takes this into account.

However, the 7.6 permissions framework doesn't seem to take this into account anywhere.

Test case for PermissionsTest:

    def test_inactive_user(self):
        self.user.is_active = False
        self.user.save()

        implicit_permission = user_can_read_resource(
            self.user, self.resource_instance_id
        )
        self.assertIs(implicit_permission, False)

======================================================================
FAIL: test_inactive_user (tests.permissions.permission_tests.PermissionTests.test_inactive_user)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/jwalls/prj/arches/tests/permissions/permission_tests.py", line 128, in test_inactive_user
    self.assertIs(implicit_permission, False)
AssertionError: True is not False

----------------------------------------------------------------------
Ran 2 tests in 5.367s

FAILED (failures=1)