Add support for per-role quote policies in addition to the existing general policy (which would become the "default" policy for roles that don't have an override). This would allow a more relaxed general policy but stricter requirements for nodes that can access the key manager (eg. compute/observer nodes).