Permission lists - Restrict route to multiple permission levels.

I will now begin work on a PR to add support for restricting routes to multiple permissions like this:
```
async def protected_page(self, request):
    await check_permission(request, ['protected', 'level1', 'level2'])
    response = web.Response(body=b'You are on protected page')
    return response
```
Discussion welcome.