Add dynamic group authorization checks

Currently, users in groups have roles which allow or deny them to execute different tasks, such as changing user roles or removing members from a group. However, this is currently implemented in a static way and hardcoded.

Please implement these checks in a dynamic way, such that permission are retrieved from the database and can also be changed on a per-group basis by the group's administrators.