Create Plugin permissions restriction (via PluginAuth)

Recently PluginAuth has landed in Pod, which allows for the Plugin to not know the database key and allows for any additional information to be stored in the encrypted+signed PluginAuth blob.

Adding permission restrictions right in the same encrypted blob would allow limiting what PluginAuth requests (and therefore all Plugins) can do.

┆Issue is synchronized with this Clickup task by Unito