fixes #3917 - replace protected_attrs with strong parameters

Filtering of attributes has moved from the protected_attributes gem to
strong parameters in controller concerns, to be in line with current
Rails recommendations.

Concerns are shared between UI and both API controllers and list the
attributes using Foreman::ParameterFilter, which provides additional
features:

1. Registration of additional attributes from plugins, through the
plugin API or `attr_accessible` for short term compatibility.
2. Re-use of permitted attribute lists for nested models (e.g. host
and interface).
3. Combining of lists of attributes from all sources in a single
permit call.
4. A small DSL for changing accepted parameters based on controller,
action and UI/API type.

Plugins should either temporarily depend on protected_attributes to
continue to protect their models or call permit/use ParameterFilter
similarly: http://projects.theforeman.org/projects/foreman/wiki/Strong_parameters

Some UI changes were required to make nested model hash keys all
integers instead of "new_123456" etc, else strong parameters would
filter the entries out.

The Role model's builtin default has been moved from initialize to the
database as the removal of protected_attrs changed the initialisation
order.