Use access permissions rather than roles for permissions
InvenioRDM v10 reworked some permissions s.t. permission checks don't go through roles but instead through access permissions (e.g. admin-access
and superuser-access
rather than the Admin role).
We should rework our trusted-user
and trusted-publisher
roles into access permissions similarly.
This also has the benefit of those roles not showing up in the "groups" e.g. when inviting community members.
https://inveniordm.docs.cern.ch/releases/versions/version-v10.0.0/#breaking-changes