refactor: split Staff Dev role into separate roles, add CM vanity role

[wescopeland]

This PR repurposes the currently-unused Staff Developer role, splitting it into the three staff dev roles that have emerged since the original permissions matrix was envisioned. Those roles are:

• Quality Assurance
• Developer Compliance
• Code Reviewer

Each of these three roles has distinct responsibilities, and should ultimately have distinct abilities. There is enough nuance in their day-to-day that this split should occur.

Also, the way Staff Developer was written implied that a user would be promoted from Developer to Staff Developer. However, in practice, QAM/DevC/CR are additive to Developer, giving that Developer additional privileges. A full developer may have 1 to N of these three roles.

Additionally, a new vanity role has been added: Community Manager. This can be attached to users, but it should not have any abilities. A Community Manager should inherit abilities from other roles like Moderator, etc.

---

SQL commands to run:

-- 1: Detach developer-staff from any users.
DELETE FROM auth_model_roles
WHERE role_id = (SELECT id FROM auth_roles WHERE name = 'developer-staff');

-- 2: Remove developer-staff from the roles table.
DELETE FROM auth_roles WHERE name = 'developer-staff';

-- 3: Insert new roles.
INSERT INTO auth_roles (name, display, guard_name, created_at, updated_at) VALUES
    ('dev-compliance', 4, 'web', NOW(), NOW()),
    ('quality-assurance', 4, 'web', NOW(), NOW()),
    ('code-reviewer', 4, 'web', NOW(), NOW()),
    ('community-manager', 3, 'web', NOW(), NOW());

---

Things to note regarding this PR:

• There should not be any behavior changes for current users.
• When a developer is demoted, any staff developer roles they have should be detached.
• This is ultimately leading to users being able to select their visible role, which is currently a read-only field on the Settings page.

[Jamiras]

$user is overloaded here. it's already defined on line 162

[wescopeland]

Should be fixed in latest. I also added some safeguards to prevent server errors in case these code paths are entered from side effects (ie: a command, Horizon job, etc).

[Jamiras]

I see you removed the assignment of $user=Auth::user(), but this statement previously was causedBy(auth()->user()) and now it's causedBy(User::find($pivotId)).

The same change occurs a few lines up (151).

[wescopeland]

Ah, I see what's happening now. I got confused.

I try to replace those auth()->user() calls with Auth::user() -- for some reason my IDE yells about auth()->user(). I think we should be in a good place now with changes in latest.