[14.0] group_backend: new module and rename group_backend to base_group_backend

As a developer we have to keep in mind using this module and grant a user with 's group is
equivalent to grant 's group everywhere  has been used.

Co-authored-by: Jean-Charles Drubay <jcdrubay@users.noreply.github.com>

base_group_backend/readme/CONFIGURE.rst

@@ -0,0 +1,8 @@
+To allow `group_backend` to interact with a model you can either add access rules to the group
+or you can add `implied_ids` to `group_backend`.
+
+.. note::
+
+   Be aware users can only belong to one group from the user type category
+   (`base.module_category_user_type`). So your other groups can't inherit both
+   internal users and backend users.

base_group_backend/readme/CONTRIBUTORS.rst

@@ -0,0 +1,4 @@
+* Pierre Verkest <pierreverkest84@gmail.com>
+* François Poizat <francois.poizat@gmail.com>
+
+Do not contact contributors directly about support or help with technical issues.

base_group_backend/readme/DESCRIPTION.rst

@@ -0,0 +1,45 @@
+This module was written to extend the standard functionality regarding users
+and groups management by adding a new `Backend user` group that only gives access
+to odoo backend (`/web`):
+
+* minimal default access:
+  * users and partners (this is necessary to access your own data)
+  * mail activity, notification and channel
+  * presence
+* minimal default menu
+  * notification
+  * activities
+* minimal default access rules
+
+The problem with the `Internal user` is when you want to gives access to the
+backend to a really thin part of your business to some users, it's quite hard
+to properly maintain those roles over the project life, a lot of models use
+that group (`base.group_user`) by default which makes hard to maintains.
+
+So that helps creating well-defined user groups with more controls.
+
+This modules does 3 things:
+* It hijack the has_group method of res.users by returning True for group_backend users when the requested group is group_user (The need for this needs to be investigated)
+* It sets the res_users.share to False for group_backend users. This allows those users to access the backend.
+* It sets the bare minimum permission in the ir.model.access.csv to display the backend
+
+We suggest to use this module with its compagnon `base_user_role`
+
+
+Limitations
+~~~~~~~~~~~
+
+At the time of writing, Odoo uses `res.users.share == False` to give the
+backend access.
+However to be able to access the backend without any errors some basic rights are necessary.
+This module change the way `res.users.share` is computed to allow `group_backend users` to use the backend.
+
+This avoids to write a lot of overwrite in different controllers from
+different modules ('portal', 'web', 'base', 'website') with hard coded statements
+that check if user is part of the `base.group_user` or `share == False` group.
+
+.. warning::
+
+    Using this module and grant a user with `group_backend`'s group is
+    equivalent to grant `group_user`'s group everywhere `has_group`
+    has been used.

base_group_backend/readme/USAGE.rst

@@ -0,0 +1,7 @@
+To use this module, you need to:
+
+#. Go to Configuration / Users / Users, choose a user and set the user type.
+
+You get a users that is only able to access to the Odoo backend which you
+can attach other groups that not implies other kind of users (`portal`,
+`internal users`)