Show multiple permission reasons as JSON arrays, refs #2531

- Modified /-/allowed to show all reasons that grant access to a resource
- Changed from MAX(reason) to json_group_array() in SQL to collect all reasons
- Reasons now displayed as JSON arrays in both HTML and JSON responses
- Only show Reason column to users with permissions-debug permission
- Removed obsolete "Source Plugin" column from /-/rules interface
- Updated allowed_resources_with_reasons() to parse and return reason lists
- Fixed alert() on /-/allowed by replacing with disabled input state

tests/test_actions_sql.py

@@ -163,10 +163,11 @@ async def test_allowed_resources_with_reasons(test_ds):
         # Check we can access both resource and reason
         for item in allowed:
             assert isinstance(item.resource, TableResource)
-            assert isinstance(item.reason, str)
+            assert isinstance(item.reason, list)
             if item.resource.parent == "analytics":
-                # Should mention parent-level reason
-                assert "analyst access" in item.reason.lower()
+                # Should mention parent-level reason in at least one of the reasons
+                reasons_text = " ".join(item.reason).lower()
+                assert "analyst access" in reasons_text
 
     finally:
         pm.unregister(plugin, name="test_plugin")