Support field-level authorization

[gmac]

It'd be nice to formally support field-level authorization through the query planner, similar to other federation libraries. A few specs:

• Unauthorized fields are simply filtered out of the request by default.
• A setting opts requests with unauthorized fields into returning immediately with an error.

It looks like @mikeharty has been doing some auth work in his custom executor. Mike – any chance you could elaborate here with more on how the feature could/should work with what you're already doing?