Fix checking of compose input if user is in multiple groups with different permissions.
This is currently problem in Fedora deployment. If user is
in multiple groups, for example "packager" and "sysadmin-odcs",
the first one matching will determine their permission and
second one is never tested. So even if "sysadmin-odcs" gives
used permissions to execute "tag" composes, user is not allowed
to do so, because "packager" group does not allow it.
This commit fixes it by testing all the groups user is in before
actually raising Forbidden error.
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>