Implement organization "disable workspace sharing" option

[aslilac]

The built-in org member role will be replaced by a protected “custom role” which provides the same defaults. This allows us to more easily modify what permissions the role has at run time–such as revoking workspace.share.

When workspace sharing is disabled we'll need to remove permission to...

• Share workspaces
• See other members of your organization
• See groups in your organization

We'll also need to...

• Reset all workspace ACL lists back to the default for workspaces in that organization (with a warning shown to the user about this destructive behavior)
• Prevent modifying the ACL of any workspace in that organization (/acl [patch] will always return an error code).
• Expose the number of shared workspaces in the organization