TYPO3 Security Framework should not take unexisting roles into account
Now the Security Framework uses all roles available in the tokens. When a role is not configured in the Policy.yaml this should not have effect.
For example if you now create a new Phoenix user with the role 'User' the backend gives an 'Access denied!' because the security framework does not know the role User.
Expected behavior: just ignore the users role?