Advise frontend about edit/delete permissions

If #43 is merged, the backend becomes the ultimate source of knowledge about whether an asset can be edited/deleted by a user.

Creation permissions are hard to capture in the existing API but it would be nice if the backend could return some indication of permissions in the asset resource.

E.g.

{
    "name": "..",
    // ... remainder of asset ...
    "permissions": ["change", "delete"]
}

Admin message

Advise frontend about edit/delete permissions