slapos_erp5: customer must be able to create token for slapos client

master/bt5/slapos_erp5/LocalRolesTemplateItem/access_token_module.xml

 <local_roles_item>
  <local_roles>
+  <role id='F-CUSTOMER'>
+   <item>Author</item>
+  </role>
   <role id='F-PRODUCTION*'>
    <item>Author</item>
   </role>
  </local_roles>
  <local_role_group_ids>
   <local_role_group_id id='function'>
+    <principal id='F-CUSTOMER'>Author</principal>
     <principal id='F-PRODUCTION*'>Author</principal>
   </local_role_group_id>
  </local_role_group_ids>

master/bt5/slapos_erp5/PortalTypeRolesTemplateItem/Access%20Token%20Module.xml

 <type_roles>
+  <role id='Author'>
+   <property id='title'>Customer</property>
+   <multi_property id='categories'>local_role_group/function</multi_property>
+   <multi_property id='category'>function/customer</multi_property>
+   <multi_property id='base_category'>function</multi_property>
+  </role>
   <role id='Author'>
    <property id='title'>Production</property>
    <multi_property id='categories'>local_role_group/function</multi_property>

master/bt5/slapos_erp5/TestTemplateItem/portal_components/test.erp5.testSlapOSERP5GroupRoleSecurity.py

@@ -2034,8 +2034,9 @@ class TestAccessTokenModule(TestSlapOSGroupRoleSecurityMixin):
   def test_AccessTokenModule(self):
     module = self.portal.access_token_module
     self.assertSecurityGroup(module,
-        ['F-PRODUCTION*', module.Base_getOwnerId()], False)
+        ['F-PRODUCTION*', 'F-CUSTOMER', module.Base_getOwnerId()], False)
     self.assertRoles(module, 'F-PRODUCTION*', ['Author'])
+    self.assertRoles(module, 'F-CUSTOMER', ['Author'])
     self.assertRoles(module, module.Base_getOwnerId(), ['Owner'])