
Hoodoo doesn't provide sufficient support for "_embed" permissions management

Open pond opened this issue 9 years ago • 1 comments

Hoodoo doesn't yet offer any support at all for "_embed"/"_reference" implementations. For services wishing to enforce permissions, inter-resource call permissions augmentation makes life difficult - a "several hops downstream" resource endpoint may implement some embed behaviour, check its session and find that appropriate permissions exist, but won't realise that (perhaps) these are only there as part of permissions addition requested by a resource interface earlier in the chain.

Really, the only way this can be solved is through Hoodoo additions/changes; the general principle is that Hoodoo handles as much authorisation/authentication/permissions stuff as possible to minimise service author burden and minimise the chances of service oversight/omission, so really Hoodoo ought to significantly extend its support for embedding and auto-enforce permissions as far as possible.

(Intentional duplicate of #43).

pond, Mar 18 '16 00:03
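
The problem described in the issue above, as an added toy model (not Hoodoo's code or API; every class, method and resource name here is hypothetical). It assumes one possible approach, tracking which permissions the original caller held separately from those added by upstream augmentation, so a downstream "_embed" check can tell them apart.

```ruby
# Toy model, not Hoodoo's API: all names are hypothetical.
require 'set'

class ToySession
  attr_reader :original, :augmented

  def initialize(original, augmented = [])
    @original  = Set.new(original)   # permissions granted to the API caller
    @augmented = Set.new(augmented)  # added upstream for inter-resource calls
  end

  # Session handed to the next hop after an upstream resource adds permissions.
  def augment(extra)
    ToySession.new(@original, @augmented | extra)
  end

  # What a downstream endpoint sees when provenance is not tracked.
  def permits?(perm)
    @original.include?(perm) || @augmented.include?(perm)
  end

  # Provenance-aware check: only the caller's own grants count.
  def caller_permits?(perm)
    @original.include?(perm)
  end
end

# Downstream endpoint deciding whether to honour an "_embed" request.
def embed_naive(session, embed)
  session.permits?([embed, :show]) ? { embed => "embedded #{embed}" } : {}
end

def embed_checked(session, embed)
  session.caller_permits?([embed, :show]) ? { embed => "embedded #{embed}" } : {}
end

# Constructed scenario: the caller may only show Invoice. The Invoice
# implementation augments the session with Customer#show for its own
# inter-resource call further down the chain.
CALLER_SESSION = ToySession.new([[:Invoice, :show]])
DOWNSTREAM     = CALLER_SESSION.augment([[:Customer, :show]])

NAIVE   = embed_naive(DOWNSTREAM, :Customer)    # embed honoured via augmentation
CHECKED = embed_checked(DOWNSTREAM, :Customer)  # embed refused
```
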