[lib][keyserver] Remove ADD_MEMBERS permission from community roots

Summary:
issue: ENG-7792
baseMemberUserSurfacedPermissions is used only in getRolePermissionBlobsForCommunityRoot. userSurfacedPermissions.ADD_MEMBERS permission was parsed by getThreadPermissionBlobFromUserSurfacedPermissions and resulted in two permissions being added to the resultant memberPermissions: add_members and child_open_add_members. We want the permissions for children to stay the same, so we make sure only add_members permission is removed.

But we have to make sure that old clients still get the ADD_MEMBERS permission. This is because otherwise, state check would have found many, many inconsistencies, likely resulting in socket crash loop on prod. So the client needs to get this permission in thread info, but the request to add members should fail[[https://linear.app/comm/issue/ENG-7792/disallow-adding-users-to-community-roots-on-the-keyserver#comment-3c202516 | More datails in discussion]]

Lastly, we should migrate old thread infos on the keyservers and clients. But this is very costly, so it will be done with D12062

Test Plan:
Tested new clietns (setting min code version to current code version):
Created a community. Tested that the admin and member cannot add users. Created a subchannel. Checked that both member and admin have the Add members button and checked from the member that it works.

Checked old clients by changing min code version to 999:
Created a new community → it shouldn’t allow adding new users to its root. Checked that the client thinks they can add users (button is visible). Checked that trying to actually add a user results in a server error (invalid_credentials)

Reviewers: ashoat, tomek, kamil

Reviewed By: ashoat

Subscribers: ashoat, tomek

Differential Revision: https://phab.comm.dev/D12235