For a DOI to be created and registered with DataCite, PASTA requires that the data package and metadata components of the data package be readable by public (anonymous) users. However, the current IAM allows a user to embargo public access to a data package after it has received a DOI. This must be prevented.
We propose to track the DOI as a resource in IAM. When a DOI associated with a data package is registered as an IAM resource, it can be used to prevent ordinary data package owners from changing the permission of the Public Access user from anything other than None to None on the data package and metadata collection resources (data could still be embargoed). A user who is an Owner or Editor of the DOI would still be able to embargo the entire data package, even if a DOI exists. This allows for special cases where any component of the data package may contain sensitive information or be in error. Note that a permanent data package embargo would require the data package DOI to be tombstoned. We propose that the default DOI Owner be replicated from the Scope Owner of the corresponding data package.
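A sketch of the proposed rule as an authorization check, added here as an illustration; it is not PASTA or IAM code. The `Resource` class, the function names, the permission strings (`"none"`, `"read"`, `"owner"`, `"editor"`), the `"public"` principal and all identifiers are assumptions, and the caller's ordinary right to edit the resource is assumed to be checked elsewhere.

```python
from dataclasses import dataclass, field
from typing import Optional

PUBLIC = "public"                      # assumed name for the Public Access user
DOI_LOCKED = {"package", "metadata"}   # data entities stay embargoable


@dataclass
class Resource:
    key: str
    rtype: str                         # "package", "metadata", "data" or "doi"
    acl: dict = field(default_factory=dict)   # principal -> permission or role


def register_doi(doi: str, scope_owner: str) -> Resource:
    """Track the DOI as a resource; its default Owner is the Scope Owner."""
    return Resource(doi, "doi", {scope_owner: "owner"})


def may_set_public(user: str, res: Resource, new_perm: str,
                   doi: Optional[Resource]) -> bool:
    """Evaluate only the DOI rule for a change to the public permission."""
    current = res.acl.get(PUBLIC, "none")
    removes_public = current != "none" and new_perm == "none"
    # Unconstrained: not an embargo, no DOI registered, or a data entity.
    if not removes_public or doi is None or res.rtype not in DOI_LOCKED:
        return True
    # With a DOI in place, only a DOI Owner or Editor may remove public access.
    return doi.acl.get(user) in ("owner", "editor")


def demo() -> dict:
    # Constructed sample data: every identifier and principal is made up.
    acl = {"alice": "owner", PUBLIC: "read"}
    pkg = Resource("pkg.1.1", "package", dict(acl))
    meta = Resource("pkg.1.1/metadata", "metadata", dict(acl))
    data = Resource("pkg.1.1/data/a", "data", dict(acl))
    before_doi = may_set_public("alice", pkg, "none", None)
    doi = register_doi("doi:10.0000/EXAMPLE", scope_owner="scope-admin")
    return {
        "before_doi": before_doi,
        "owner_package": may_set_public("alice", pkg, "none", doi),
        "owner_metadata": may_set_public("alice", meta, "none", doi),
        "owner_data": may_set_public("alice", data, "none", doi),
        "doi_owner_package": may_set_public("scope-admin", pkg, "none", doi),
    }
```
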