Neutron RBAC API and network support

https://review.openstack.org/192555
commit 4595899f7f2b3774dc2dac2f8dd1a085b1e7973d
Author: Kevin Benton <email address hidden>
Date: Tue Jun 16 23:43:59 2015 -0700

    Neutron RBAC API and network support

    This adds the new API endpoint to create, update, and delete
    role-based access control entries. These entries enable tenants
    to grant access to other tenants to perform an action on an object
    they do not own.

    This was previously done using a single 'shared' flag; however, this
    was too coarse because an object would either be private to a tenant
    or it would be shared with every tenant.

    In addition to introducing the API, this patch also adds support to
    for the new entries in Neutron networks. This means tenants can now
    share their networks with specific tenants as long as they know the
    tenant ID.

    This feature is backwards-compatible with the previous 'shared'
    attribute in the API. So if a deployer doesn't want this new feature
    enabled, all of the RBAC operations can be blocked in policy.json and
    networks can still be globally shared in the legacy manner.

    Even though this feature is referred to as role-based access control,
    this first version only supports sharing networks with specific
    tenant IDs because Neutron currently doesn't have integration with
    Keystone to handle changes in a tenant's roles/groups/etc.

    DocImpact
    APIImpact

    Change-Id: Ib90e2a931df068f417faf26e9c3780dc3c468867
    Partially-Implements: blueprint rbac-networks