feat(permissions): implement fine-grained permission control

[Lanfei]

Description / 描述

This PR implements a fine-grained, per-user read/write permission system at the meta level, allowing administrators to restrict specific users from accessing or modifying
certain paths. It also refactors existing permission check functions for clarity and adds comprehensive test coverage.

本 PR 在 meta
层面实现了细粒度的用户读/写权限系统，允许管理员限制特定用户对某些路径的访问或修改权限。同时对现有权限检查函数进行了重命名重构以提升可读性，并添加了完整的测试覆盖。

Key changes / 主要变更：

• Add ReadUsers/WriteUsers fields to the Meta model with sub-directory inheritance flags
  在 Meta 模型中新增 ReadUsers/WriteUsers 字段，支持子目录继承标志
• Implement CanRead and CanWrite permission check functions in server/common
  在 server/common 中实现 CanRead 和 CanWrite 权限检查函数
• Filter file list results based on user read permissions
  根据用户读权限对文件列表结果进行过滤
• Add permission checks across all file operations (FTP, HTTP handlers, WebDAV)
  在所有文件操作（FTP、HTTP 处理器、WebDAV）中添加权限检查
• Rename functions for clarity: User.CanWrite() → User.CanCreateFilesOrFolders(), common.CanWrite() → common.CanWriteContentBypassUserPerms(), common.IsApply() →
  common.MetaCoversPath()
  重命名函数以提升可读性：User.CanWrite() → User.CanCreateFilesOrFolders()，common.CanWrite() → common.CanWriteContentBypassUserPerms()，common.IsApply() →
  common.MetaCoversPath()

Note / 注意： Batch and recursive operations (FsMove, FsCopy, FsRemove, FsRecursiveMove, FsBatchRename, FsRegexRename) currently check parent directory
permissions only. Individual item permission checks are not performed for performance reasons.
批量与递归操作（FsMove、FsCopy、FsRemove、FsRecursiveMove、FsBatchRename、FsRegexRename）当前仅检查父目录权限，出于性能考量，不对单个子项逐一检查权限。

Motivation and Context / 背景

The existing permission system only supports coarse-grained flags (e.g., global write permission). There was no way to restrict specific users from reading or writing to
particular paths without affecting all users. This PR addresses that gap by introducing a per-user allowlist at the meta level.

现有权限系统仅支持粗粒度的标志位（如全局写权限），无法在不影响其他用户的情况下限制特定用户对特定路径的读写访问。本 PR 通过在 meta 层面引入基于用户的白名单机制来填补这一空白。

Relates to #1328
Closes #1257
Closes #1267
Closes #346
Closes #1753

How Has This Been Tested? / 测试

• Added TestCanRead, TestCanWrite, TestCanAccessWithReadPermissions, and TestWritePermissionCombinations to validate the three-layer permission system
  新增 TestCanRead、TestCanWrite、TestCanAccessWithReadPermissions 及 TestWritePermissionCombinations，验证三层权限体系
• Test scenarios cover: nil user/meta, sub-path inheritance, user whitelists, and root-level restrictions
  测试场景覆盖：nil 用户/meta、子路径继承、用户白名单及根路径限制
• Added 43 test scenarios for MetaCoversPath, CanWriteContentBypassUserPerms, getReadme, getHeader, isEncrypt, and whetherHide
  为 MetaCoversPath、CanWriteContentBypassUserPerms、getReadme、getHeader、isEncrypt、whetherHide 新增 43 个测试场景
• Added list_test.go and fsread_test.go for coverage of list filtering and read handler logic
  新增 list_test.go 和 fsread_test.go，覆盖列表过滤与读取处理器逻辑

Checklist / 检查清单

• I have read the CONTRIBUTING document.
  我已阅读 CONTRIBUTING 文档。
• I have formatted my code with go fmt or prettier.
  我已使用 go fmt 或 prettier 格式化提交的代码。
• I have added appropriate labels to this PR (or mentioned needed labels in the description if lacking permissions).
  我已为此 PR 添加了适当的标签（如无权限或需要的标签不存在，请在描述中说明，管理员将后续处理）。
• I have requested review from relevant code authors using the "Request review" feature when applicable.
  我已在适当情况下使用"Request review"功能请求相关代码作者进行审查。
• I have updated the repository accordingly (If it's needed).
  我已相应更新了相关仓库（若适用）。
  • OpenList-Frontend - feat(permissions): implement fine-grained permission control OpenList-Frontend#386
  • OpenList-Docs - docs(meta): implement fine-grained permission control OpenList-Docs#310