fix up some thumbnail issues. Also we need to manage the user permissions when we clone and delete course

respond to Cale pull request comments. Update access.py (LMS) to use the same 'check for legacy group name first' logic. Add SECRET_KEY setting to the CAS project so that auth tokens from CAS are accepted in the LMS

adhere to the naming conventions of user groups (instructor_* and staff_* of the LMS AuthZ implementation). While we're keeping our authz.py implementation - which is duplicative of LMS's access.py - in order to minimize code churn/risk-of-regression, there is data compatibility so the two systems will interpret the data the same way

add distinct 'admin' role separate from 'editors'. Only 'admins' should be able to add/remove editors.