Role based permissions system.

New commands - by default - should only be runnable by "special" users - i.e., users we can trust.

Otherwise, a commands audience can be specified as an array of roles we want to use it.

By default, this shall be `["committee", "rbadmin", "dev"]` for the sake of simplicity, with left to right precedence (a dev can't derole and admin, and admin can't derole a committee, etc)