Non-authorised DDHAPT users can Watch targets #689

Open
crarugal opened this issue Oct 20, 2022 · 3 comments

Comments

@crarugal

crarugal commented Oct 20, 2022

This possibly relates to #621 (it's still unclear if issue 621 is caused by a bug, or ACT users)

Example target: https://www.webarchive.org.uk/act/targets/168983

It seems that "archivist" roles, who aren't authorised to Watch targets, can do so:
image

image

However, "expert_user" roles are still unable to Watch targets:
image
image

@anjackson
Contributor

Back in #588 this appears to have been the desired behaviour!?

@crarugal
Author

I'm not sure if this is the intended behaviour @nicolabingham. It looks like any Archivist role can make any target a Watched target, even if they don't have DDHAPT permission. I tested it with this test Archivist account:

image

Not a Watched target
image

Archivist role with DDHAPT disabled, still able to make the target Watched:
image

I think #588 questioned the editing of targets between Archivist roles who had DDHAPT enabled.
But from what I can see, any Archivist role can Watch a target, so it seems that disabling or enabling DDHAPT doesn't change anything if you have an Archivist role.

@nicolabingham

A review of users in ACT has found nearly 30 users with the Archivist role, which is wrong as there should be only one person at each institution with this role, except the BL which needs more than one for admin purposes. This is a separate issue and I'll review individual users in ACT.
In terms of DDHAPT, access should not be automatic. An Archivist should be able to enable DDHAPT access for ACT users, but only on a case-by-case basis, so if users can create Watched Targets without having permission, this is a bug.
