macaroons: add special permission entity for URI specific permissions

To make the permission system even more fine-grained, we want to allow
users to specify exact gRPC URIs in the macaroon permissions instead of
just broad entity/action groups.
For this we add the special entity "uri" which allows an URI specific
permission to be defined as "uri:/lnrpc.Lightning/GetInfo" for example
instead of the more coarse "info:read" which gives access to multiple
URIs.

macaroons/service_test.go

@@ -21,6 +21,10 @@ var (
 		Entity: "testEntity",
 		Action: "read",
 	}
+	testOperationURI = bakery.Op{
+		Entity: macaroons.PermissionEntityCustomURI,
+		Action: "SomeMethod",
+	}
 	defaultPw = []byte("hello")
 )
 
@@ -125,6 +129,7 @@ func TestValidateMacaroon(t *testing.T) {
 	// Then, create a new macaroon that we can serialize.
 	macaroon, err := service.NewMacaroon(
 		context.TODO(), macaroons.DefaultRootKeyID, testOperation,
+		testOperationURI,
 	)
 	if err != nil {
 		t.Fatalf("Error creating macaroon from service: %v", err)
@@ -142,7 +147,18 @@ func TestValidateMacaroon(t *testing.T) {
 	mockContext := metadata.NewIncomingContext(context.Background(), md)
 
 	// Finally, validate the macaroon against the required permissions.
-	err = service.ValidateMacaroon(mockContext, []bakery.Op{testOperation})
+	err = service.ValidateMacaroon(
+		mockContext, []bakery.Op{testOperation}, "FooMethod",
+	)
+	if err != nil {
+		t.Fatalf("Error validating the macaroon: %v", err)
+	}
+
+	// If the macaroon has the method specific URI permission, the list of
+	// required entity/action pairs is irrelevant.
+	err = service.ValidateMacaroon(
+		mockContext, []bakery.Op{{Entity: "irrelevant"}}, "SomeMethod",
+	)
 	if err != nil {
 		t.Fatalf("Error validating the macaroon: %v", err)
 	}