Determine standard for subqueries and linked data

[maxachis]

Context

Now that we've introduced subqueries to our endpoints -- where calling one endpoint can return linked data typically associated with another endpoint (data sources linked to data requests, etc.), as well as endpoints explicitly returning data linked to particular ids, we need to take into account how subquery logic interacts with other components of our logic, including:

1. Our primary GET endpoints have variable column permissions depending on whether the user is an admin or a standard user. Do such variable permissions apply also to subqueried data, or do we only get the standard set of columns?
2. Same as above, but what about when we're getting data linked to another id? e.g., for /data-requests/{data_request_id}/related-sources, do we have variable column permissions for those related sources depending on the permission level of the admin, or do we keep them standard for simplicity?
3. Our standard GET requests now include (or are being updated to include) subqueries, such as data sources associated with each data request. What about when we're getting related data through a /related-etc endpoint? Do those also return subquery data, or not?

Requirements

• Determine what are the rules for the above cases.
• Where logic needs to be modified, modify that logic.

Tests

• Tests may need to be updated to ensure results conform with expected standards.

Docs

• Documentation is currently inconsistent on these topics -- what columns are returned haven't been formalized because we don't yet have answers on what they should look like. Once we figure out these answers, we should update documentation accordingly.

Open questions

• See above.

[josh-chamberlain]

1. If we're subquerying, let's just return a standard set of columns. We have made positive decisions about when to return extra columns, and we can assume they will appear when needed.

2. I think standard is OK for the same reason.

3. I don't think they need to. We just want to know that there exists a related thing, and that it can be found by an ID or listed by name, but we likely won't need all the related info. We can circle back for it if needed, but it need not be the default.