Add an owner role

[gdorsi]

Background

Currently, the role management system in Jazz has limitations around admin permissions where admins cannot be downgraded except by themselves. This creates potential issues for organization management and differs from common patterns seen in platforms like GitHub. A new "Owner" role is proposed to provide additional control while maintaining security.

Requirements

New Role Definition

• Create a new "Owner" role that sits above Admin in the permission hierarchy
• Owner should have all Admin permissions plus:
  • Ability to downgrade/remove Admin users
  • Ability to manage all member roles regardless of their current role level
• The system will not enforce owner succession rules (when an owner leaves) - this will be left to individual applications to implement

Additional Context

This change aims to provide better control for organization management while maintaining the secure-by-default approach of Jazz. The goal is to allow members to be given invitation powers (Admin role) without risking unauthorized removal of original owners or other members.

[gdorsi]

From anselm feedback:

Can we name it something else to distinguish it from the CoValue "owner" concept?