[S-RBAC] Allow network owners to get ports from that network

It was somehow missed initially when we wrote new Secure RBAC policies
but network owner should be able to see all ports created on the
network.

Additionally this patch adds mock of the neutron.policy.check function
in TestMl2DbOperationBounds class as this class is expected to check
DbOperators made by ML2 plugin while listing ports so there's no need to
include policy checks there too.

Conflicts:
    neutron/conf/policies/port.py

Change-Id: I2560edb915f7393fcda50dd4a37a1d366bd0ce59

Author: slawqo

neutron/conf/policies/port.py

@@ -275,6 +275,7 @@
         check_str=base.policy_or(
             base.ADMIN,
             base.RULE_ADVSVC,
+            base.RULE_NET_OWNER,
             base.PROJECT_READER
         ),
         scope_types=['project'],

neutron/tests/unit/plugins/ml2/test_plugin.py

@@ -903,6 +903,9 @@ class TestMl2DbOperationBounds(test_plugin.DbOperationBoundMixin,
     def setUp(self):
         super(TestMl2DbOperationBounds, self).setUp()
         self.kwargs = self.get_api_kwargs()
+        # NOTE(slaweq): In this class we are not testing any operations related
+        # to policy module so we don't need to checu policies
+        mock.patch('neutron.policy.check').start()
 
     def make_network(self):
         return self._make_network(self.fmt, 'name', True, **self.kwargs)