chore: break down dbauthz.System into smaller roles (#6218)

- rbac: export rbac.Permissions
- dbauthz: move GetDeploymentDAUs, GetTemplateDAUs,
  GetTemplateAverageBuildTime from querier.go to system.go
  and removes auth checks
- dbauthz: remove AsSystem(), add individual roles for
  autostart, provisionerd, add restricted system role for 
  everything else

coderd/database/dbauthz/querier_test.go

@@ -540,12 +540,6 @@ func (s *MethodTestSuite) TestTemplate() {
 			TemplateID:     uuid.NullUUID{UUID: t1.ID, Valid: true},
 		}).Asserts(t1, rbac.ActionRead).Returns(b)
 	}))
-	s.Run("GetTemplateAverageBuildTime", s.Subtest(func(db database.Store, check *expects) {
-		t1 := dbgen.Template(s.T(), db, database.Template{})
-		check.Args(database.GetTemplateAverageBuildTimeParams{
-			TemplateID: uuid.NullUUID{UUID: t1.ID, Valid: true},
-		}).Asserts(t1, rbac.ActionRead)
-	}))
 	s.Run("GetTemplateByID", s.Subtest(func(db database.Store, check *expects) {
 		t1 := dbgen.Template(s.T(), db, database.Template{})
 		check.Args(t1.ID).Asserts(t1, rbac.ActionRead).Returns(t1)
@@ -560,10 +554,6 @@ func (s *MethodTestSuite) TestTemplate() {
 			OrganizationID: o1.ID,
 		}).Asserts(t1, rbac.ActionRead).Returns(t1)
 	}))
-	s.Run("GetTemplateDAUs", s.Subtest(func(db database.Store, check *expects) {
-		t1 := dbgen.Template(s.T(), db, database.Template{})
-		check.Args(t1.ID).Asserts(t1, rbac.ActionRead)
-	}))
 	s.Run("GetTemplateVersionByJobID", s.Subtest(func(db database.Store, check *expects) {
 		t1 := dbgen.Template(s.T(), db, database.Template{})
 		tv := dbgen.TemplateVersion(s.T(), db, database.TemplateVersion{
@@ -1220,7 +1210,4 @@ func (s *MethodTestSuite) TestExtraMethods() {
 		s.NoError(err, "insert provisioner daemon")
 		check.Args().Asserts(d, rbac.ActionRead)
 	}))
-	s.Run("GetDeploymentDAUs", s.Subtest(func(db database.Store, check *expects) {
-		check.Args().Asserts(rbac.ResourceUser.All(), rbac.ActionRead)
-	}))
 }