user.Manager: fix ACL write, read order

[sandman7920]

This should fix read-only access to topic * being applied before read-write access to topic _PREFIX_* Before this if we have:

ntfy access user "mytopic*" rw
ntfy access user "*" ro

read-only access rule was applied first and user couldn't write to mytopic*

See #914

[sandman7920]

This PR still does not solve the following case

ntfy access user "mytopic*" rw
ntfy access user "mytopic_read_only*" ro
ntfy access user "*" ro

The user will still be able to write into mytopic_read_onlyXXX

Maybe query should be something like that

selectTopicPermsQuery = `
  SELECT read, write
  FROM user_access a
  JOIN user u ON u.id = a.user_id
  WHERE (u.user = ? OR u.user = ?) AND ? LIKE a.topic ESCAPE '\'
  ORDER BY u.user DESC, LENGTH(a.topic) DESC, a.write DESC
`

For each user, we should test in order THE_LONGEST_RULE->WRITE_PERMISSION

[binwiederhier]

Can you add a bunch of unit tests to check these cases? I don't want to just yolo merge this.

[sandman7920]

A new test was added, and some old tests had to be rearranged to follow the new rules chain Longest->Shortest.

P.S.
Sometimes TestManager_AddUser_Timing fails

=== RUN   TestManager_AddUser_Timing
    manager_test.go:142:
                Error Trace:    user/manager_test.go:142
                Error:          "49" is not greater than or equal to "50"
                Test:           TestManager_AddUser_Timing

[sandman7920]

I don't know how fast the SQLIte.LENGTH function is, maybe it's reasonable to create a topic_length field in the users.db access table.

[binwiederhier]

I would like to apologize for not addressing this earlier. I am looking at your solution now, and I'm trying to understand the root cause. Thank you for the tests and all the work. It is much appreciated!!