Fix checking of compose input if user is in multiple groups with different permissions.
    
    This is currently problem in Fedora deployment. If user is
    in multiple groups, for example "packager" and "sysadmin-odcs",
    the first one matching will determine their permission and
    second one is never tested. So even if "sysadmin-odcs" gives
    used permissions to execute "tag" composes, user is not allowed
    to do so, because "packager" group does not allow it.
    
    This commit fixes it by testing all the groups user is in before
    actually raising Forbidden error.
    
    Signed-off-by: Jan Kaluza <jkaluza@redhat.com>