Refactor permissions

Refactoring the permission-related fields as discussed in #580 (closed)

• Upload.user_id and EntryMetadata.uploader are renamed to main_author
• It becomes possible to set coauthors on both the upload and the entry level. The fields are named coauthors and entry_coauthors, respectively.
  • NOTE 1: The field coauthors was previously defined on the entry level, but now it is set on the upload level.
  • NOTE 2: we prefer users to use the field coauthors on the upload level, and if possible it would be nice to get rid of the entry_coauthor field eventually.
• The field Calc.shared_with is renamed and moved to Upload.reviewers (the name change is to make it more clear that they only have read permissions, now that there will potentially be multiple readers and writers)
• The derived field EntryMetadata.owners is renamed to viewers (also to make it clearer that these are the users who can read the data). The field is defined as main_author + coauthors + reviewers.
• Introduces a new derived field EntryMetadata.writers to denote users who can write to the upload. Defined as main_author + coauthors
• The derived field EntryMetadata.authors is defined as main_author + coauthors + entry_coauthors
• NOTE: being in the entry_coauthors doesn't give you any permissions, neither to read from or to write to the upload. It only means you're listed as an author in the search index. This is the point, because we want the permissions to be determined at the upload level, so you either have read/write access to the whole upload or not (would be messy to have different permissions to different entries within the same upload)