Non-admin users apparently have no access to receive alerts by default

[lunkwill42]

I was somewhat surprised to find, during debugging a related problem, that it appears NAV (4.8) does not by default allow non-admin users permission to receive any kind of alert.

In fact, the baseline SQL schema grants permissions to receive G01: All alerts to the NAV Administrators group only - and, this permission can, in fact, be revoked.

This appears to have been the case since the very first version of NAV with the Alert Profiles and alertengine components in it. I don't think it is a very sane default, and is bound to confuse some users - yet, I don't think it would be wise to unexpectedly add this permission to Authenticated users during an upgrade - as some user's may have come accustomed to this setting.

I propose that we, perhaps, do these things:

1. Ensure that permissions cannot be revoked from the admins (e.g. anywhere else in NAV where the involved subject of a permissions check is an admin, permission is granted directly by the code without consulting the actual grants in the database)
2. Grant G01: All alerts to the Authenticated users group in the SQL baseline, but not in an upgrade script.
3. Make note of this fact in the release notes.