Permissions implementation

[meejah]

WIP: this is a proof-of-concept implementation of the "permissions" spec, implementing the "none" and "hashcash" methods.

Needs:

• unit-tests
• cleanup

[vu3rdd]

We may also need some command line flags to turn on/off the type of methods supported by the server?

[codecov]

Codecov Report

Base: 97.10% // Head: 96.74% // Decreases project coverage by -0.36% ⚠️

Coverage data is based on head (0683574) compared to base (4b35885).
Patch coverage: 93.81% of modified lines in pull request are covered.

Additional details and impacted files

@@            Coverage Diff             @@
##           master      #23      +/-   ##
==========================================
- Coverage   97.10%   96.74%   -0.36%     
==========================================
  Files           8        9       +1     
  Lines         829      923      +94     
  Branches      154      161       +7     
==========================================
+ Hits          805      893      +88     
- Misses         16       18       +2     
- Partials        8       12       +4     

Impacted Files	Coverage Δ
src/wormhole_mailbox_server/server.py	95.70% <66.66%> (-0.68%)	⬇️
src/wormhole_mailbox_server/server_websocket.py	99.03% <91.30%> (-0.97%)	⬇️
src/wormhole_mailbox_server/permission.py	98.27% <98.27%> (ø)
src/wormhole_mailbox_server/server_tap.py	88.73% <100.00%> (+1.04%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[meejah]

Locally, there's 1 uncovered line. Don't know what codecov is doing...

[meejah]

Further to the "multiple permissions method" thread and #30 and options-wise, what probably makes sense is:

• the default is ["none"]
• if you specify any --permission then the set is only those (e.g. with --permission hashcash the set becomes ["hashcash"], so you'd do --permission none --permission hashcash or similar to enabled both).
• as already said, this makes way more sense if there's a 3rd (or more) method

Separately, I'd also like to add "external" permissions so operators can play with non-standard ones. That is, "anything that implements IPermission", approximately.

Not sure precisely how to handle merging etc -- and maybe we want at least the options interface to work like #30 says...

[meejah]

This PR now also fixes #30