Permission improvements of the submission archive feature

[frjo]

Here are some issue with the current implementation:

• All staff can archive an submission, if they then do not have permission to view archived submission they get a 403. If they should be able to do this a redirect would be nicer.
• Should all staff be able to archive a submission?
• Be default no one can see archived submission, SUBMISSIONS_ARCHIVED_ACCESS_STAFF and SUBMISSIONS_ARCHIVED_ACCESS_STAFF_ADMIN are both false be default. Either super admins should have access or SUBMISSIONS_ARCHIVED_ACCESS_STAFF_ADMIN should default to true.
• Should we show on archived submission who can access them, maybe in the red border add info if staff or staff admins only can see this?

[wes-otf]

Might make sense for me to wrap these into #3646, four birds one stone. After talking with @Techslammer it seems like it'd be best for OTF's workflow if the only role that could make & access archives would be Staff Admin. @frjo what are your thoughts on that?

[frjo]

I think it makes sense for the default to be that Staff Admins can archive and see archived submissions. Then we have settings that can be turned on that allow staff to do the archiving and see the archives.

So default settings like these, two new added and two renamed for clarity:

SUBMISSIONS_ARCHIVED_VIEW_ACCESS_STAFF = False
SUBMISSIONS_ARCHIVED_VIEW_ACCESS_STAFF_ADMIN = True 
SUBMISSIONS_ARCHIVE_ACCESS_STAFF = False
SUBMISSIONS_ARCHIVE_ACCESS_STAFF_ADMIN = True

By settings all to false an organisation can then turn off the feature if they want.

Feel free to improve the settings names!

[wes-otf]

All of this sounds great! What did you have in mind for the redirects? In my current implementation I just have it redirect the user to the submission list page. Should we have a dedicated view for any permission denied?