Introduce per-tenant (firewall-)admin #2011
Description
define fw-admin who can edit firewalls belonging to a specific tenant only.
Maybe combine existing fw-admin role with tenant-membership (allowing a tenant0-fw-admin to edit all firewalls).
This would be a prerequisite for a single cloud-based platform.