Make role names an enum in the DB #8554

@david-crespo

Followup to #7477, especially #7477 (comment).

Role names are currently represented as free-form strings, but as far as I know the only actual values are admin, collaborator, viewer, or external-authenticator. This was originally expected to be a more flexible system, but we've managed to get a lot out of this basic set of roles. After the cleanup in #7477 made clear we are not using a dynamic list of roles, we have an opportunity to simplify things even further by locking down the set of roles to a Rust enum backed by a Rust enum.

omicron/schema/crdb/dbinit.sql

Lines 2919 to 2922 in 2561a7a

```sql
CREATE TABLE IF NOT EXISTS omicron.public.role_assignment (
    /* Composite foreign key into "role_builtin" table */
    resource_type STRING(63) NOT NULL,
    role_name STRING(63) NOT NULL,
```

```rust
/// Describes an assignment of a built-in role for a user
#[derive(Clone, Queryable, Insertable, Debug, Selectable)]
#[diesel(table_name = role_assignment)]
pub struct RoleAssignment {
    pub identity_type: IdentityType,
    pub identity_id: Uuid,
    pub resource_type: String,
    pub resource_id: Uuid,
    pub role_name: String,
}
```

External API structs

Missing external-authenticator because it is never exposed externally.

```rust
pub enum FleetRole {
    Admin,
    Collaborator,
    Viewer,
    // There are other Fleet roles, but they are not externally-visible and so
    // they do not show up in this enum.
}

pub enum SiloRole {
    Admin,
    Collaborator,
    Viewer,
}

pub enum ProjectRole {
    Admin,
    Collaborator,
    Viewer,
}
```
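An added example (not code from omicron or from the issue author): a std-only Rust sketch of the closed role set proposed above, with exact-match parsing of the stored string form and a pre-migration check that lists `role_name` values an enum column would reject. The names `RoleName`, `UnknownRole`, `rows_outside_enum` and `externally_visible`, and the sample rows, are assumptions made for illustration.

```rust
use std::str::FromStr;

/// Hypothetical closed set of the four role names listed in the issue.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum RoleName { Admin, Collaborator, Viewer, ExternalAuthenticator }

/// Error carrying the rejected string so it can be logged or reported.
#[derive(Debug, PartialEq, Eq)]
pub struct UnknownRole(pub String);

impl RoleName {
    /// The exact string currently stored in the free-form column.
    pub fn as_str(self) -> &'static str {
        match self {
            RoleName::Admin => "admin",
            RoleName::Collaborator => "collaborator",
            RoleName::Viewer => "viewer",
            RoleName::ExternalAuthenticator => "external-authenticator",
        }
    }
    /// Per the issue, external-authenticator is never exposed externally.
    pub fn externally_visible(self) -> bool {
        !matches!(self, RoleName::ExternalAuthenticator)
    }
}

impl FromStr for RoleName {
    type Err = UnknownRole;
    /// Exact match only: no trimming or case folding, so near-miss
    /// strings are rejected instead of silently mapped to a role.
    fn from_str(s: &str) -> Result<Self, Self::Err> {
        [RoleName::Admin, RoleName::Collaborator, RoleName::Viewer,
         RoleName::ExternalAuthenticator]
            .into_iter()
            .find(|r| r.as_str() == s)
            .ok_or_else(|| UnknownRole(s.to_string()))
    }
}

/// Pre-migration audit: which stored values would not fit the enum?
pub fn rows_outside_enum<'a>(rows: &[&'a str]) -> Vec<&'a str> {
    rows.iter().copied().filter(|r| r.parse::<RoleName>().is_err()).collect()
}

fn main() {
    // Constructed sample of role_name column values, not real data.
    let rows = ["admin", "Admin", "viewer", "owner", "viewer "];
    println!("would fail conversion: {:?}", rows_outside_enum(&rows));
}
```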
