Come up with a simple access/permission system for Workspaces

What we need here is access control for switching and viewing workspaces.

Here are some thoughts:

• administer workspaces - Allows to a user to do everything with all workspace entities.
• create workspace
• view any workspace - Applies to switching and viewing workspaces. Content entity access within workspaces is handled as usual.
• edit any workspace - Applies to the workspace entity. Content entity access within workspaces is handled as usual.
• delete any workspace - Applies to the workspace entity. Content entity access within workspaces is handled as usual.
• view own workspace - Allows users to switch to workspaces created by themselves. Content entity access within the workspace is handled as usual.
• edit own workspace - Allows users to edit its own workspace (e.g. the workspace entity itself). Entity access within the workspace is handled as usual.
• delete own workspace - Allows users to delete its own workspaces (e.g. the workspace entity itself and all content in it).
• bypass content access control in own workspace - Similar to the "bypass content access control" but specific to only the user's own workspaces. This will allow users to edit any content in own workspace. If the user does not have this permission, then regular content entity access rules would apply.
• view $id workspace
• edit $id workspace
• delete $id workspace
• bypass content access control in $id workspace

To implement the above we'll need to implement hook_entity_access().

@Crell this looks really good so far! As for the "view" permission, I think we need a couple of things

1. Move everything under \Drupal\multiversion\Workspace\* into Workspace module, because:
   • It probably makes our life easier to implement "view" access checking if Workspace module own these services
   • Multiversion should be kept lightweight and only deal with storage anyhow, so moving them makes sense
2. Inject the \Drupal\workspace\EntityAccess into WorkspaceManager
3. Do "view" access checking inside WorkspaceManager::getActiveWorkspace() and throw some exception if the current user doesn't have access
4. Hook into the request stack somewhere and use WorkspaceManager::getActiveWorkspace() which will throw the above exception on access denied

We should be able to test the following pseudo code:

1. Create user A who only have access to view her own workspaces
2. Create workspace Z that is NOT owned by user A
3. Set workspace Z as the active workspace (with WorkspaceManager)
4. GET the front page (or ANY other route) as user A
5. HTTP 403 should be returned