Extended RPSL set name validation and authentication

[mxsasha]

Creation of RPSL set objects, as-set, filter-set, peering-set, route-set and rtr-set, currently has few authentication restrictions. If a user has access to any mntner, they can create new sets. For as-set there is a requirement for the first element to be an AS number, e.g. “AS65537:AS-EXAMPLE” when creating new objects as of IRRD 4.2, though this can be disabled.

The plan for this issue is to extend IRRD with new possible requirements for each set type:

1. All newly created set names will have to follow the hierarchical naming scheme where the first element is an AS number.
2. Whenever creating a new set object, the database must have an aut-num object for the AS number in the first element.
3. Authentication must pass for that aut-num (at least one valid authentication method on at least one mnt-by of the aut-num), in addition to normal object creation authentication requirements.

Per set type (as-set, filter-set, etc.) a setting will be added for one of the following:

1. Prefix not required, no prefix validation.
2. Prefix not required, but if prefix is present is present opportunistic validation (the prefix may be missing, the aut-num may not yet exist, but if there is a prefix and the aut-num does exist, IRRD must validate).
3. Prefix required, 'weak' / opportunistic validation (the aut-num may not yet
   exist, but if it does IRRD must validate).
4. Required, strict validation (the aut-num must exist and validate).

In all settings, existing objects can still be modified and deleted, because they may be referenced from other objects from RADB or other IRRs. Forcing a name change to modify existing objects would therefore be a high burden on users.
When modifying or deleting existing set objects, authentication only needs to pass on at least one method on at least one mnt-by on the set object itself, i.e. aut-num authorisation is only required when creating a set object.