Adjust all permissions per user on read

[jamoore]

Permission objects which are returned along with data graphs should be adjusted in order to reflect the capabilities of the current security context. For this implementation, the permission values on the actual rows will be ignored, which is inline with the overall story (#2874).

This work includes:

• Add methods canLink and canEdit
• Add the call context map to the permissions object (see "Storing context" below)
• Make the default object factory for permissions return a non-editable version
• Perform the adjustment before returning any objects. Unloaded objects will not have permission objects, and therefore will need to be reloaded by the user.

See: ​https://www.openmicroscopy.org/site/community/minutes/minigroup/2012.03.12-groupperms

Storing Context

It would be possible to add the callcontext (#3527) to the permissions object as an Ice.Context string-string-map, but this might only make sense with the EventContext itself. However, it's not possible to have an EventContext in the Permissions object because there's already a Permissions object in the EventContext object (i.e. cyclical dep). Instead, we could move both of these context fields to Details, but then it's no longer possible for the Permissions object to make use of them in making decisions. Ergo, it's probably not that useful, and I won't worry about it for the minute. It's then the client's responsibility to keep up with the mapping from objects to the context that they were acquired from.