Make a service model and use for permissions

Having the service floating about as JSON is a bit flakey. Could easily
introduce a mistake where you mistype the name of a key and silently
get `None`.

Also means doing awkward things like `if 'permission' in
current_service['permissions']`, whereas for users we can do the
much cleaner `user.has_permission()`.

So this commit:
- introduces a model
- adds a `.has_permission` method similar to the one we have for users

app/templates/views/manage-users.html

@@ -92,7 +92,7 @@
                 'Basic view'
               ) }}
             {% endif %}
-            {% if 'email_auth' in current_service['permissions'] %}
+            {% if current_service.has_permission('email_auth') %}
               <div class="tick-cross-list-hint">
                 {% if user.auth_type == 'sms_auth' %}
                   Signs in with a text message code