Support for getting set of roles from ProviderBackend

I think it makes more sense for document-level security in Solr to use roles as the tokens rather than groups. This should mean less frequent reindexing, because the roles can be modified via the sentry configuration, rather than the documents themselves.

To support this, the SolrAuthzBinding needs to have access to the roles associated with the groups that it gets from the GroupMappingService.