This removes our query to FAS and fixes#304.
It is more flexible too, where we can now configure production to only
allow in members of the `modularity-wg` group, and then later open it up
to all packagers after F26 is out (as was agreed with FESCo).
In the process of working on this, I discovered that #305 is not
necessary. We don't need our own scope; we can just use the `groups`
scope as done here.
Before this, we were consulting pkgdb to see if the given user was the
maintainer of any packages.
That mostly works... but technically, we want to consult FAS to see if
the user is in the packager group.
We found this when @mprahl was unable to submit builds to rida. I added
him to the packager group, but nothing changed! (As written, he had to
actually own a package).
This change fixes all that so that we query FAS instead of pkgdb.
Tests are added.
