Provide a way to expose authorization metadata through the graphql schema #1482

Open
Tracked by #1485
dimatill opened this issue Oct 29, 2022 · 0 comments
@dimatill
Collaborator

  • Every (or certain) Object types could have a special __auth field of AuthMetadata type
  • AuthMetadata type could have 3 fields: query: AuthMetadataQuery, mutation: AuthMetadataMutation, subscription: AuthMetadataSubscription
  • Each of the three AuthMetadataX types could have corresponding fields (all queries, mutations, subscriptions)
  • Each field of AuthMetadataX could have 1 argument which accepts a JSON string
  • Argument could contain information about arguments of corresponding query, mutation, subscription
  • Argument could contain placeholders which could be evaluated later
  • Placeholder could have access to the parent entity, e.g. $$parent.id
  • Validation of the argument could be done in graphql validate phase
  • Alternatively, some kind of 'virtual' variable could be introduced e.g. $parent
  • The result of resolving such fields could be the information on whether authorization is passing or not with the current context and provided args
  • Resolving such fields could just execute auth rules, but not actual resolvers

Example query:

query post($id: ID!) {
  post(id: $id) {
    id
    title
    content
    author {
      id
    }
    __auth {
      mutation {
        deletePost(args: "{ \"id\": \"$$parent.id\" }")
      }
      query {
        userInfo(args: "{ \"userId\": \"$$parent.author.id\" }")
      }
    }
  }
}
@dimatill dimatill modified the milestones: v8, v8.x Oct 29, 2022
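
A sketch of how the `$$parent` placeholders in the example query above could be resolved and checked, added here as an illustration and not code from this issue or the project. `resolveAuthArgs`, `checkAuth`, the `rules` table and the sample data are hypothetical; placeholders are substituted after the JSON string is parsed, so a value taken from the parent entity cannot change the structure of the arguments.

```javascript
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const PLACEHOLDER = /^\$\$parent((?:\.[A-Za-z_][A-Za-z0-9_]*)+)$/;

// Follow a dotted path through own properties only, so a placeholder cannot
// reach inherited members such as __proto__ or constructor.
function lookup(parent, path) {
  let node = parent;
  for (const key of path.split('.').slice(1)) {
    if (node === null || typeof node !== 'object' || !own(node, key)) {
      throw new Error('unknown placeholder path: $$parent' + path);
    }
    node = node[key];
  }
  return node;
}

// Parse first, substitute second: a parent value containing quotes or braces
// stays a plain string and cannot add keys to the argument object.
function resolveAuthArgs(argsJson, parent) {
  const walk = (value) => {
    if (typeof value === 'string') {
      const m = PLACEHOLDER.exec(value);
      return m ? lookup(parent, m[1]) : value;
    }
    if (Array.isArray(value)) return value.map(walk);
    if (value !== null && typeof value === 'object') {
      return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, walk(v)]));
    }
    return value;
  };
  return walk(JSON.parse(argsJson));
}

// Hypothetical auth rules: each decides from (args, context); no resolver runs.
const rules = {
  mutation: { deletePost: (args, ctx) => ctx.ownedPostIds.includes(args.id) },
  query: { userInfo: (args, ctx) => args.userId === ctx.userId },
};

// Evaluate one __auth selection; an unknown operation or field is denied.
function checkAuth(operation, field, argsJson, parent, ctx) {
  if (!own(rules, operation) || !own(rules[operation], field)) return false;
  return rules[operation][field](resolveAuthArgs(argsJson, parent), ctx) === true;
}

// Constructed sample data mirroring the example query.
const samplePost = { id: 'p1', author: { id: 'u2' } };
const sampleCtx = { userId: 'u1', ownedPostIds: ['p1'] };
console.log(checkAuth('mutation', 'deletePost', '{ "id": "$$parent.id" }', samplePost, sampleCtx));
```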