Now that we use Match() in allowAdmin() as well, it's awkward to
have it return `true` when called with an empty admin list.
No admins defined was taken to mean "everyone is an admin".
We can either have a `len(users) == 0` check in `allowAdmin` which
rejects the request, or we can change `Match()` so that it doesn't
return positive responses when called with an empty list. Doing the
latter sounds better. It's more natural that matching against an empty list
will yield "no match".
This used to return an error back when it was dealing with wildcards
(which may or may not have compiled to a valid regex).
But it now deals with pre-compiled regexes and has no chance of failing,
so we need no `error` returns.
This does not do anything useful just yet.
It will be hooked to access control checks later on.
Wildcards are converted to regular expressions, because it was simpler
to do that than to write (or include) some ugly wildcard matcher library.
It also provides more flexibility, should we wish to use it later.
Regular expressions should also work well performance-wise.
We compile wildcards to regexes early on (during configuration
processing) and fail if we detect a bad pattern. This is meant to
catch various problems (typos or other mistakes) that could happen.
For this to work, configuration building had to be redone, since it can
now return an error. This may be useful in the future for validating
other configuration settings.
Related to https://gitlab.com/etke.cc/postmoogle/-/issues/1
