* Adapt cookie auth to work with same API permission system
* Handle unscoped store permission case
* Do not consider Unscoped as a valid policy
* Add tests
* Refactor permissions scopes
---------
Co-authored-by: Dennis Reimann <mail@dennisreimann.de>
Co-authored-by: nicolas.dorier <nicolas.dorier@gmail.com>
