Package management auth improve

[zymap]

Motivation

Currently, if the pulsar service enables the authentication and authorization, only the role who have Package permission can access the package management service. So we need more detailed permissions for the package management operations. Such as a user can be granted the 'read' permission that he can download and get the metadata but he can't do the upload or deletions. I will check the permissions and refine the permissions of the package operations.

[codelipenghui]

The issue had no activity for 30 days, mark with Stale label.