Working on customer's infrastructure: restrict user permissions to one project #82
Closed
aronmolnar started this conversation in Ideas
When working on a pentest customer's equipment, it would be nice to access SysReptor and directly insert screenshots, notes, and findings (instead of collecting evidence, transferring, and uploading).
However, the customer controls the equipment and might compromise the SysReptor user and thereby the data of other projects.
To resolve this, we might allow users to create sub-users that are restricted to a single project.
Pentest customers could then also compromise the user but only get access to the current (customer's) project.
This sub-user could also create (or use) an API token to be able to use reptor (CLI) and the regular API.
The API token can expire as soon as the project is finished.
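A minimal model of the access check proposed above, as an added example that is not SysReptor code. The names `Project`, `SubUserToken` and `authorize`, and all sample data, are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class Project:
    id: str
    members: set = field(default_factory=set)
    finished: bool = False


@dataclass(frozen=True)
class SubUserToken:
    parent_user: str      # full account that created the sub-user
    project_id: str       # the single project this token may touch
    expires_at: datetime  # hard upper bound on the token lifetime


def authorize(token: SubUserToken, project: Project, now: datetime):
    """Deny by default; return (allowed, reason)."""
    if project.id != token.project_id:
        return False, "token is bound to a different project"
    if project.finished:
        return False, "project is finished"
    if now >= token.expires_at:
        return False, "token expired"
    # The sub-user never holds more rights than the account that created it.
    if token.parent_user not in project.members:
        return False, "parent user is not a member of the project"
    return True, "ok"


# Constructed sample data: alice works on two customer projects and issues
# a sub-user token for customer A only.
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
customer_a = Project("proj-customer-a", {"alice"})
customer_b = Project("proj-customer-b", {"alice"})
token = SubUserToken("alice", customer_a.id, NOW + timedelta(days=5))

if __name__ == "__main__":
    print(authorize(token, customer_a, NOW))                      # in scope
    print(authorize(token, customer_b, NOW))                      # other project
    print(authorize(token, customer_a, NOW + timedelta(days=6)))  # expired
    customer_a.finished = True
    print(authorize(token, customer_a, NOW))                      # finished
```

A token stolen from the customer-controlled machine fails every check except the one for its own project, and fails that one too once the project is marked finished or the expiry passes.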