Per-Application collaborators

[kesne]

Currently, you can only add a collaborator by adding them to an entire organization. Instead, we should allow there to be per-application collaborators.

Alternatively, this could be done by making our organization permission system very granular, such that you can grant permissions in an individual application.

[kesne]

After thinking about this, I think the way we would do this would be a new Collaborator entity. I imagine it'd be modeled roughly like this:

type User {
  id: ID!
}

type Application {
  id!
  collaborators: [Collaborator!]!
}

type Collaborator {
  application: Application!
  permission: Permission!
  user: User!
}

The key things are that the Collaborator basically acts as glue between the user and the application. The main reason it's not included directly is so that we can provide collaborators a permission level. Once we figure out org-level permissions in general, I think we can just extend that to collaborators.

On organizations

I'm a little bit unclear what this means for organization management though. Right now applications appear under the organization, so we would need to automatically grant some permissions on the org to the user (ability to read the org name, effectively).

Importantly, the user can't CURRENTLY become a part of the organization. Right now org membership grants a whole lot of access, and that would be bad to have a single application collaborator ruin everything. This might be easier when #23, as we could have a permission type that is an external collaborator. This would allow for users to exist under orgs (which is good!) but only have access to individual applications (also good!)