Rework permission handling

Add a new function has_credential() that checks whether the currently
logged in user is allowed to perform a given action. Moving all
permission handling to this central place makes adding new user groups
and adjusting permissions much more convenient.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>

web/html/pkgmerge.php

@@ -10,13 +10,7 @@ check_sid();
 
 html_header(__("Package Merging"));
 
-$atype = "";
-
-if (isset($_COOKIE["AURSID"])) {
-	$atype = account_from_sid($_COOKIE["AURSID"]);
-}
-
-if ($atype == "Trusted User" || $atype == "Developer"): ?>
+if (has_credential(CRED_PKGBASE_DELETE)): ?>
 <div class="box">
 	<h2><?= __('Merge Package: %s', htmlspecialchars($pkgbase_name)) ?></h2>
 	<p>