chore: update ACLs

- Added permission to manage badges for user support (mainly to assign the donator badge)
- Added `channels/{fetch,create}/dm` for moderation, required for alerts
- Removed permission bypass for insert since it shouldn't be needed anymore

lib/accessPermissions.ts

@@ -97,6 +97,7 @@ const PermissionSets = {
     "users/fetch/by-id",
     "users/fetch/strikes",
     "users/fetch/notices",
+    "users/update/badges",
 
     "accounts/fetch/by-id",
     "accounts/disable",
@@ -118,6 +119,8 @@ const PermissionSets = {
 
     "messages/fetch/by-id",
     "channels/fetch/by-id",
+    "channels/fetch/dm",
+    "channels/create/dm",
 
     "reports/fetch/related/by-user",
     "reports/fetch/related/by-content",
@@ -177,7 +180,7 @@ const ACL: Record<string, Set<Permission>> = {
 };
 
 function hasPermission(email: string, permission: Permission) {
-  if (email === "insert@revolt.chat" || process.env.BYPASS_ACL) return true;
+  if (process.env.BYPASS_ACL) return true;
   if (!ACL[email]) throw `user is not registered in system: ${email}`;
 
   const segments = permission.split("/");