table by hand anymore! Update the group_policies table and then run
the script to update the permissions table (sbin/update_permissions).

Details:

My original thought when I started this was that I would be able to
replace the existing nodetypeXpid_permissions table with this new
stuff. Well, it turns out that this was not a good thing to do, for a
couple of reasons:

  * Engineering: We access the nodetypeXpid_permissions table from three
    different languages, and no way I wanted to rewrite this library in
    in python and php!

  * Performance: We access the nodetypeXpid_permissions from the web
    interface, on every single page load. In fact, we access it twice if
    if you count the FreePCs() count that we put at the top of the menu.
    Going through this library on each page load would be a serious drag.

So, rather then actually get rid of the nodetypeXpid_permissions table, I
decided to keep it as a "cache" of permissions stored in the group
policies table. Each time you update the policy tables, we need to run
the update_permissions script which will call into this library (see the
TBUpdateNodeTypeXpidPermissions() routine) to reconstruct the permissions
table. I have whacked the grantnodetype script to do exactly that.

Note that we could proably do the same thing for users by creating an
equivalent nodetypeXuid_permissions table, mapping users to types they
are allowed to use. That would be a lot rows, but the amount of data in
the table is small. That would give us very fine grained control of what
we show people in the web interface. Not sure it is worth it though.

I also added some instructions to previous commit in database-migrate.txt
on populating the new group_policies table from the existing
permissions table.