[web/request] add security_enabled method
Just forward to the underlying repo connection. This can be useful in
the ORM when dealing with a "code-only" attribute, i.e. something that
shouldn't be directly user-visible but must be accessible from a web
request.