Add new AdminContextResource class to admin.py that gives the 'admin'
permission to requests with the 'group:admin' principal, configure the
admin routes to use it.
Remove the security.ALL_PERMISSIONS that 'group:admin' used to have on
the app and API root resources.
This means that admins (only) can use views with the 'admin' permission
and the AdminContextResource factory, but they don't have any special
permission to use other views (e.g. they can't edit or delete other
people's annotations anymore).
All checks have passed
3 successful checks
— The Travis CI build passed