Details
- Type: Bug
- Status: Done/Fixed
- Priority: Trivial
- Resolution: Won't Fix
- Affects Version/s: 4.2.6
- Fix Version/s: None
- Component/s: CiviReport
- Labels: None

Description
This is a continuation of a related issue CRM-11354.
I think that a user should be required to have access to the "access CiviReport" permission in order to view any report. The reason is that it's intuitive to expect that removing this permission from anonymous users means you can safely assume anonymous users have no access to your reports. Also, when saving a report with the permission "anyone," it could be easy to think that means all logged-in users and not realize that this includes anonymous users as well.
lobo has pointed out that some groups want anonymous users to be able to view certain reports. That makes sense - so those sites should give the anonymous user the "access CiviReport" permission and then update the Report in question to only require "access CiviReport" to be viewed.
Given dgg's changes in CRM-11354, I think we would need to add a new "accessCiviCampaign" permission and assign that permission to the survey reports so we don't ship any reports with "access CiviReport" permission by default. That way, just giving anonymous users access to "access CiviReport" does nothing by itself; you have to then assign the report the "anyone" permission.
I realize there's an upgrade issue here - many groups will have their anonymously accessible reports broken if we make this change - but I think it's better to be broken-shut than broken-open.
I'm sure there are reasons not to do this that I'm not thinking of - so happy to hear feedback and critiques.