More advanced route protection methods

[markjaquith]

Currently the protectedRoutes option just accepts an array of URL paths, and protects them based on "starts with".

That's a decent default method, because it errs on the side of protecting more (versus exact match). But some people might want to protect /admin but not protect /admin/join, or something.

So it should also accept an array of functions that take the request URL and return a boolean. If any is true, then that request is protected.

[hbcondo]

Could protectedRoutes be updated to support route groups for directories in parentheses?