Add support for invite-only groups.

This provides support for marking a group as invite-only. An invite-only
group cannot be viewed by non-members of the group, either through the web
or the API.

A review request targetting only invite-only groups cannot be viewed unless
the user is either explicitly specified on the review request or they're
a member of at least one of the targetted groups.

If a review request has any public groups listed, then the review request will
be visible. We operate on the principle that things are by default open, and
to make a review request private, it must go out to private groups.

This will be extended later to support repository access control.

Users will be able to see review requests and groups that you may not have
access to in the various lists. This may change in a future commit, but right
now the filtering is done on access and not on list. The only place where
this is actually a problem is on the "All Review Requests" page, since if it's
on your dashboard, you won't be able to see it. The Groups page filters
as well.

Unit tests passed.

I tested this with a dummy user on my dev server and verified that I couldn't access the groups or review requests I didn't have permission to access. Same with the API.