submission: create new "observer" role with password protection

[GraemeWatt]

In addition to the existing "uploader" and "reviewer" roles, it would be useful to define an "observer" role with permissions only to view a submission in preparation (and associated review comments) but not to upload or review a submission. The "observer" could be a single user, but there should also be an option to specify a CERN e-group like atlas-physics-readers@cern.ch as an "observer". If the latter, the code should check if an individual HEPData user (logged in with CERN authentication) is a member of the CERN e-group before giving them permissions to view an unfinished submission. The "observer" should not be included in email notifications in order to avoid spamming a large e-group (which might anyway not have permissions to receive email from outside CERN). This is a request from various ATLAS members to allow password-protected collaboration-wide access to HEPData records in preparation.

[GraemeWatt]

This issue was raised again today by @jonbutterworth:

Is it possible to set permissions so a draft record can be circulated
around ATLAS before it is public? e.g. setting a password protection or
something, and circulating the password?

Maybe a simpler alternative to using CERN e-groups to control access would be to allow the Coordinator to assign an "observer" either during the initial creation of the record or later from their Dashboard. This would generate a password sent by email to the Coordinator that could be forwarded to the wider collaboration. The password could be included as a record URL option for convenience when sharing links. If a user tries to access a record in preparation, and they are not logged in or do not have Uploader/Reviewer/Coordinator permissions, the code should check if an "observer" exists for this record and prompt for the password if not given as a URL option.

[GraemeWatt]

Bumping priority after the issue was raised in a HEPData Forum post.