pkg -R should report EPERM earlier in detection

[mamurphy]

pkg -R should report EPERM earlier in detection
"pkg -R / update" produces an EPERM error because it can read /var.
"pkg -R /zones/zonename/root update" doesn't because it can't read /zones/zonename/root/var.

mmurphy@global:~$ pkg -R / update -nv `cat packages.txt`
pkg: 0/1 catalogs successfully updated:

Could not operate on /var/pkg/publisher/ms.omniti.com/origins/953c354efa8f7f2a86f2edbf1c6c3c9875f62ba0/tmpLLkbkP
because of insufficient permissions. Please try the command again as a privileged user.
mmurphy@global:~$ pkg -R /zones/foo/root update -nv  `cat packages.txt`
pkg: No image rooted at '/zones/foo/root'
mmurphy@global:~$ zfs list | grep "foo/root"
data/zones/foo/ROOT/zbe-1                2.90G   717G  1.50G  /zones/foo/root

[danmcd]

We need modules/client/image.py to throw PermissionsException instead of ImageNotFoundException when it's finding the image based on a -R argument to pkg(1). HOW we make that happen isn't immediately clear, but having the lower-level throw PermissionsException, and if it isn't already, having client.py catch that exception, is how we address this problem.