Improve permissions validation for categories and attributes

We should have dedicated permissions for creating, updating, and deleting categories and attributes, together with permissions for attaching and detaching attributes to projects. For the development phase, most of the services and mutations enforce admin_security_attributes on the root namespace.