Autocomplete and choices should filter results so that hidden objects are not shown.

In particular this relates to multi-tenancy support as per Isis addons security module (TenantedAuthorizationFacet).

A well-designed application should pre-filter, so that only objects that are valid for a user to see are shown in a drop-down. However, as a fail-safe, the metamodel should automatically filter out any objects to which the user does not have permission.

Note: this is very similar to ISIS-1044.