Huge refactor of security policy enforcer stuff.
This revision involves 3 cooperating classes to secure tasks considered either 'sensitive' or 'security bug'
- SecurityPolicyListener applies an initial security policy to tasks submitted with the 'security' option set to anything other than 'none'
- The default security policy includes a new custom policy rule, implemented in PhabricatorPolicyRuleTaskSubscribers, which allows any user added to the CC of a task to /view + comment/ on the task. In addition to subscribers of the task, the task author and any member of the corresponding 'security' project will also be able to view/edit the task without explicitly being subscribed.
- SecurityPolicyEnforcerAction is a herald custom action which is used to reset the security policy if anyone tries to override the policy to 'public' or 'any user' when the security flag is set to something other than 'none', this is just a sanity check to keep someone from inadvertantly or maliciously revealing a secure task without explicitly setting the security to 'none'