
Allow to limit 'run_as' feature

Open mzueva opened this issue 1 year ago • 0 comments

Background

At the moment, when a user is allowed to use the run as feature with some service account, the user can use it for any available pipeline or tool. This may lead to some security problems, especially if the service account has wide permissions. It would be helpful to allow limiting which pipelines and tools the run as feature can be used with.

Approach

When a user is granted run as permission to another account, we can specify only the access type (SSH, Endpoint). The following options shall be added:

  • pipelinesAllowed (boolean) - whether the user can launch any pipeline with the run as feature. If this value is not set (null), the user can launch pipelines, to preserve existing behaviour.
  • pipelines (list of long ids) - if specified, limits the pipelines that can be launched by the user with the run as feature
  • toolsAllowed (boolean) - whether the user can launch tools with the run as feature. If this value is not set (null), the user can launch tools, to preserve existing behaviour.
  • tools (list of long ids) - if specified, limits the tools that can be launched by the user with the run as feature

Note: For pipelines, run as availability shall actually be checked for both: the pipeline itself and the tool

mzueva, Jul 30 '24 12:07
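
A sketch of the check the four proposed options imply, added here as an example; it is not code from the issue or from the cloud-pipeline project. The class and function names are hypothetical, and it assumes that an unset id list means "no limit" while an empty list, being specified, permits nothing.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class RunAsPermission:
    """Limits on one run-as grant (hypothetical class; fields mirror the issue)."""
    pipelines_allowed: Optional[bool] = None  # pipelinesAllowed
    pipelines: Optional[List[int]] = None     # pipelines
    tools_allowed: Optional[bool] = None      # toolsAllowed
    tools: Optional[List[int]] = None         # tools


def _permitted(allowed_flag: Optional[bool], id_list: Optional[List[int]],
               object_id: int) -> bool:
    # An explicit False denies outright; None (null) keeps the existing
    # behaviour and allows, as the issue specifies.
    if allowed_flag is False:
        return False
    # Assumption: list not set -> no limit; list set (even empty) -> only
    # the listed ids pass.
    if id_list is None:
        return True
    return object_id in id_list


def tool_run_allowed(perm: RunAsPermission, tool_id: int) -> bool:
    return _permitted(perm.tools_allowed, perm.tools, tool_id)


def pipeline_run_allowed(perm: RunAsPermission, pipeline_id: int,
                         tool_id: int) -> bool:
    # Per the issue's note, a pipeline launch is checked twice: for the
    # pipeline itself and for the tool it runs on. Both must pass, so an
    # allowed pipeline cannot be used to start a tool outside the tool limits.
    return (_permitted(perm.pipelines_allowed, perm.pipelines, pipeline_id)
            and tool_run_allowed(perm, tool_id))


if __name__ == "__main__":
    # Constructed ids: pipelines 10 and 11 and tool 7 are permitted.
    grant = RunAsPermission(pipelines=[10, 11], tools=[7])
    for pipeline_id, tool_id in [(10, 7), (10, 8), (12, 7)]:
        verdict = "allow" if pipeline_run_allowed(grant, pipeline_id, tool_id) else "deny"
        print(f"pipeline={pipeline_id} tool={tool_id}: {verdict}")
```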