This diff addresses ENG-8953. I went through each broken permission listed here.

1. The changes in lib/types/thread-permission-types.js update the mapping from UserSurfacedPermission to role permission strings, the representation used in MariaDB. We add permission strings that guarantee each user-surfaced permission propagates to descendants in the right way.
2. The changes in lib/permissions/thread-permissions.js removes these permissions from being assigned based on ThreadType. The user-surfaced permissions are responsible for these permissions, so we need to make sure they don't appear if the admin didn't grant them.

Depends on D13016

The whole stack was tested as follows:

1. Unit tests from D9686, which toggle user-surfaced permissions on and off and make sure no difference is caught. This ensures that the original issue introduced in D9686 isn't reintroduced
2. Careful review of each descendant permission removed in D9686
3. Create a community as userA and add userB. Grant tagging permissions to all members. Make sure userB can tag inside non-root channels
4. Do above, then create a channel without userB, and make sure userB can't tag there either (or do anything other than view). This is the repro described here
5. Do above, but also create a thread inside the channel (as userA) and make sure userB can't do anything inside the thread other than view, until they join the parent channel