Role-based embargo exemptions

We can currently add individual users as being exempt from individual embargoes. We'd like to be able to add roles. This would allow better institutional management of content where the 'admin' (or other) username and password don't need to be shared.