Allow for action based security

Action based security allows limiting the scope of actions on objects to certain users or roles. 

For example, user Matt can not modify or save any object in Hop GUI.

Another example might be: user Marie can not connect to database MongoDB in Hop GUI or when executing anywhere.

So to do this we need a few things:

• Information about the current user and/or their role so that the distinct list of ACLs can be derived.
• A set of security rules for a particular Environment
• A way to enforce security in both the user interface and during execution. 
•  

So very much like extension point plugins we need a generic way of dealing with action based security.

Before executing a pipeline we need to have an extra line of code somewhere that makes a call to something like

HopSecurity.validateAction(SecurityAction.ExecutePipeline, variables, metadataProvider); 

This method would throw an exception if the current user in this scenario doesn't have the right permissions.  The same method can then be used before all sorts of actions are taken.

A similar method can be used to determine if a certain user interface element should be enabled or disabled.  Why even allow execution of a pipeline if the user isn't allowed to do so?  So we need a different method which queries security permissions as well.