Security (ACL) resource consolidation

[GlancingMind]

git-bug#212
git-bug#55
git-bug#130

[GlancingMind]

Consideration: Git-Bug access right must match does of every bridged service access rights.

Suppose a user (Alice) is not allowed to change the labels of bugs in the git-bug repository but she may be allowed to comment on bugs.
To make the comments public to other team members, Alice has to push the git-bug repository to the repository hosting servers (e.g. GitHub). This means Alice must be at least a member of the hosted repository. Being a member of the hosted repository, Alice might have additional privileges that exceed those of the git-bug repository privileges.
E.g. Alice can add labels to bugs via GitHub. Then she could import the latest changes via the GitHub bridge and push the labeled bug to the repository.

Risk level: Medium, as a person with push access to the hosted repository should be already a trusted individual.
Be aware, that every bridged repository should be constantly monitored for malicious activity, as a compromised bridged services could be used in above mentioned scenario to circumvent access controls of git-bug.