
Add support for wildcards in the warrant subject

Open kkajla12 opened this issue 1 year ago • 0 comments

Is your feature request related to a problem? Please describe.

Currently Warrant only supports wildcards in the objectId of a warrant. This makes it possible to specify rules on all objects of a particular type. For example, the rule user:A is editor of all reports can be specified via the warrant:

{
    "objectType": "report",
    "objectId": "*",
    "relation": "editor",
    "subject": {
        "objectType": "user",
        "objectId": "A"
    }
}

This is useful because it allows developers to specify coarse-grained rules for specific users or groups when/where necessary, making it easier to manage the set of warrants in certain scenarios. For example, being a member of the admin role should grant a user editor privileges on all documents. With a single wildcard warrant, we don't need to add a new warrant every time a new document is created.

However, if we instead want similar functionality flowing in the opposite direction (e.g. *any* user is viewer of document:A), it is currently not possible to easily model via a warrant. To support this sort of functionality, we should add wildcard support in the warrant subject. The warrant fulfilling our example scenario would be:

{
    "objectType": "document",
    "objectId": "A",
    "relation": "viewer",
    "subject": {
        "objectType": "user",
        "objectId": "*"
    }
}

Describe the solution you'd like

Warrants should support the wildcard character as part of their subject.objectId parameter. A wildcard subject.objectId should specify that any subject of the type subject.objectType can match the warrant.

Describe alternatives you've considered

N/A

Additional context

Consider whether a warrant should be allowed to have a wildcard for both its objectId and its subject.objectId.

kkajla12, May 25 '23 19:05
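
The matching rule proposed in this issue, as an added Go example that is not from the issue or from Warrant's own code base. The type, function and error names are hypothetical, and two behaviours are assumptions made here: a warrant with a wildcard on both sides is refused, and a check query must name concrete ids.

```go
package main

import (
	"errors"
	"fmt"
)

const Wildcard = "*"

// Subject and Warrant mirror the JSON fields shown in the issue (names hypothetical).
type Subject struct{ ObjectType, ObjectID string }

type Warrant struct {
	ObjectType, ObjectID, Relation string
	Subject                        Subject
}

var (
	ErrDoubleWildcard = errors.New("wildcard in both objectId and subject.objectId")
	ErrWildcardQuery  = errors.New("check query must name concrete ids")
)

// idMatches treats "*" in the stored warrant as "any id"; otherwise ids must be equal.
func idMatches(pattern, id string) bool { return pattern == Wildcard || pattern == id }

// Matches reports whether stored warrant w satisfies check query q.
func Matches(w, q Warrant) (bool, error) {
	// Assumption: "*" only has meaning in stored warrants, never in a query.
	if q.ObjectID == Wildcard || q.Subject.ObjectID == Wildcard {
		return false, ErrWildcardQuery
	}
	// Assumption: a warrant that is a wildcard on both sides is refused.
	if w.ObjectID == Wildcard && w.Subject.ObjectID == Wildcard {
		return false, ErrDoubleWildcard
	}
	// Types and relation always compare exactly, so user:* never covers another subject type.
	return w.ObjectType == q.ObjectType && w.Relation == q.Relation &&
		w.Subject.ObjectType == q.Subject.ObjectType &&
		idMatches(w.ObjectID, q.ObjectID) &&
		idMatches(w.Subject.ObjectID, q.Subject.ObjectID), nil
}

func main() {
	anyUserViewsA := Warrant{"document", "A", "viewer", Subject{"user", Wildcard}}
	ok, err := Matches(anyUserViewsA, Warrant{"document", "A", "viewer", Subject{"user", "B"}})
	fmt.Println(ok, err)
}
```

Keeping the wildcard scoped to subject.objectType is what stops a "any user" warrant from also granting access to subjects of another type.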