Individual project access
luci-config: each project can declare who can read its configs and see
it in project/ref listings. A project can do that by putting
projects/<project_id>:project.cfg file with "access" field set to a
group name defined at auth service. If not specified, only admins have
access.
project_access_group in acl.cfg remains the same
Removed check of X-Appengine-Inbound-Appid check because it does not work.
Replaced with appid@(appspot|googleplex).gserviceaccount.com check
R=sergiyb@chromium.org, vadimsh@chromium.org
BUG=#228