Check permissions when accessing changelogs

root permissions should be checked when reading or clearing changelogs from clients. In particular, if root is squashed via a nodemap entry, it should not be allowed to access changelogs.

I will push a patch to implement this check.