User-Specific Scene Support

[AO-StreetArt]

Enable 'private' scenes which don't show up in queries, but can be registered/updated to by those given permission.

A lot of the logic for this should sit outside of Ivan (ie. authenticating individual devices with role-based access control), but we may need to add supporting elements into Ivan to glue the flow together.

[AO-StreetArt]

Should generally support support for multiple tenants with independent data sets. One client can only work on their data, and likewise for others.

Right now, each client would need their own cluster.

[AO-StreetArt]

We want to support user-specific scenes, as well as public and private projects.

Two fields should be added to the 'Scene', 'is_public' and 'user'.

When Authentication is active, Adrestia can place the X-Aesel-Principle header into HTTP requests with the username of the end-user initiating a transaction.

For CRUD operations, we read this value, and match against any 'user' stored on a scene. If there is a user on the scene that does not match the user on the request, and 'isPublic' is set to false, then we should reject the transaction being processed. In the case of create transactions, the user should be added as a field on the scene.

A new request parameter should be supported on the query endpoint with name 'public', with boolean values and a default of true. Then we add 'isPublic' to the executed Neo4j queries, and if the request parameter is set to false, we also add 'user' to the query.