Removes all direct dependencies on Ddr::Auth

• ddr-public now supplies its own Ability class without reference to Ddr::Auth::Ability or ability definitions from ddr-core (DDR-2456, DDR-2457). Publication status is now included as an authorization criterion (DDR-2507). Authorizing resources by ID (String) has been deprecated with a warning; code should be updated to authorize SolrDocument instances only.
• The User model no longer uses Ddr::Auth::User (DDR-2436).
• ddr-public now supplies its own AuthContext class without reference to Ddr::Auth::AuthContext or subclasses. The AuthContext instance should be considered a private implementation detail that may change or be removed without notice.
• Removes Ddr::Auth::RoleBasedAccessControlsEnforcement from controllers (DDR-2455). The required #enforce_show_permissions and #current_ability methods are supplied.
• All methods referencing roles have been removed. ddr-public does not need to use or know about roles, only effective permissions.
• Some refactoring and reformatting has been done to improve clarity and readability.
• Some service ports have been exposed in the test-interactive environment for debugging.