Chef knife-acl provider to manage RBAC

[hashibot]

This issue was originally opened by @spuder as hashicorp/terraform#4682. It was migrated here as part of the provider split. The original body of the issue is below.

---

The new chef provider is great. It would be fantastic if it could also manage the state of the acl.
Enterprise chef users are expected to use the knife-acl plugin.

https://github.com/chef/knife-acl

For example to create a new user 'foo' and assign them to a group 'bar' then give them the ability to modify environments roles and databags

knife client create foo
knife group create bar
knife group add client foo bar

# Environments
knife acl add group bar containers environments create,read,update
knife acl bulk add group bar environments '.*' create,read,update --yes

# Roles
knife acl add group bar containers roles create,read,update
knife acl bulk add bar admin-clients roles '.*' create,read,update --yes

# Databags
knife acl add group bar containers data create,read,update
knife acl bulk add group bar data '.*' create,read,update --yes