Try to validate fs permissions against ns capabilities for posix origins #2200

@jhiemstrawisc

Pelican happily lets an origin start with a capability like "PublicReads" even when the xrootd user doesn't have the filesystem permissions to read anything under the storage prefix. This results in hard-to-diagnose runtime errors that require log diving and prior experience to solve.

Instead, we could try to turn this into a startup failure for the origin by checking the storage prefix and its permissions against the capabilities assigned for that storage prefix. If you say Pelican/XRootD should be able to read /foo but the ownership/permissions on /foo aren't correct for that to happen, throw an error.
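
One way the startup check proposed above could look, as an added example that is not code from the issue author or the Pelican project. `Caps`, `ValidatePrefix` and the capability names other than `PublicReads` are assumptions, and only the prefix's own mode bits and the daemon's primary group are checked (no ACLs, supplementary groups or parent directories).

```go
package main

import (
	"fmt"
	"os"
	"syscall"
)

// Caps is a hypothetical stand-in for the capabilities assigned to one
// storage prefix; only "PublicReads" is named in the issue.
type Caps struct{ PublicReads, Reads, Writes, Listings bool }

// ValidatePrefix returns an error when the daemon user (uid/gid, e.g. the
// xrootd account) lacks the directory permissions the capabilities imply.
func ValidatePrefix(prefix string, c Caps, uid, gid uint32) error {
	fi, err := os.Stat(prefix)
	if err != nil {
		return fmt.Errorf("storage prefix %s: %w", prefix, err)
	}
	st, ok := fi.Sys().(*syscall.Stat_t)
	if !ok || !fi.IsDir() {
		return fmt.Errorf("storage prefix %s: not a POSIX directory", prefix)
	}
	// POSIX picks exactly one class: owner, else group, else other.
	bits := uint32(fi.Mode().Perm())
	if st.Uid == uid {
		bits >>= 6
	} else if st.Gid == gid {
		bits >>= 3
	}
	bits &= 7
	var need uint32
	if c.PublicReads || c.Reads {
		need |= 1 // x: traverse into the prefix to open files
	}
	if c.Listings {
		need |= 5 // r+x: enumerate directory entries
	}
	if c.Writes {
		need |= 3 // w+x: create and remove entries
	}
	if missing := need &^ bits; missing != 0 {
		return fmt.Errorf("uid %d lacks rwx bits %03b on %s", uid, missing, prefix)
	}
	return nil
}

func main() { // constructed input: the system temp dir as the prefix
	fmt.Println(ValidatePrefix(os.TempDir(), Caps{PublicReads: true}, uint32(os.Getuid()), uint32(os.Getgid())))
}
```
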

Labels: error messages (Improvements to error messages); origin (Issue relating to the origin component)