Tighten up some policy interactions in Herald

Summary:
Ref T603. Herald is a bit of a policy minefield right now, although I think pretty much everything has straightforward solutions. This change:

• Introduces "create" and "create global" permisions for Herald.
  • Maybe "create" is sort of redundant since there's no reason to have access to the application if not creating rules, but I think this won't be the case for most applications, so having an explicit "create" permission is more consistent.
• Add some application policy helper functions.
• Improve rendering a bit -- I think we probably need to build some PolicyType class, similar to PHIDType, to really get this right.
• Don't let users who can't use application X create Herald rules for application X.
• Remove Maniphest/Pholio rules when those applications are not installed.

Test Plan:

• Restricted access to Maniphest and uninstalled Pholio.
• Verified Pholio rules no longer appear for anyone.
• Verified Maniphest ruls no longer appear for restricted users.
• Verified users without CREATE_GLOBAL can not create global ruls.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7219