[dev] Deny permissions

[Jason Rust]

> One idea is to allow groups to take regular expressions, so a
> group could be made that is something like *@example.com, which might be
> useful for some things, but that introduces a host of other security
> risks (and coding time ;).  

Thinking this over some more one idea that just came to mind is to
develop some sort of coupling of hooks to groups.  I could see this
being very useful.  For example a group 'foo' is made which corresponds to
_hooks_group_foo() which looks up in some database if the user is part
of department X, or in my case checks to see if they are authenticated.
This doesn't seem like it would be particularly hard to implement and
would allow permissions to be very powerful, but without adding any
extra complication to the average user.

-Jason