[CWEP002] refactor rql read security checking
Split 'check_read_perms' into 'check_relations_perms' which checks relations
'read' permissions and 'get_local_checks' which build dictionary of local
security checks (rql expression) for variables.
This allows to check relations 'read' permissions earlier in the process and so
to prepare insertion of the rql rewriter: we want to check permissions of the
computed relation, not permissions of relations introduced by the associated
rule, to conform to the CWEP.
Related to #3546717
include README
include COPYING
include COPYING.LESSER
include pylintrc
include bin/cubicweb-*
include man/cubicweb-ctl.1
recursive-include doc README makefile *.conf *.js *.css *.py *.rst *.txt *.html *.png *.svg *.zargo *.dia
recursive-include misc *.py *.png *.display
include web/views/*.pt
recursive-include web/data external_resources *.js *.css *.py *.png *.gif *.ico *.ttf *.svg *.woff *.eot
recursive-include web/wdoc *.rst *.png *.xml ChangeLog*
recursive-include devtools/data *.js *.css *.sh
recursive-include i18n *.pot *.po
recursive-include schemas *.py *.sql
recursive-include test/data bootstrap_cubes *.py *.sql
recursive-include entities/test/data bootstrap_cubes *.py
recursive-include sobjects/test/data bootstrap_cubes *.py
recursive-include hooks/test/data bootstrap_cubes *.py
recursive-include server/test/data bootstrap_cubes *.py source* *.conf.in *.ldif
recursive-include devtools/test/data bootstrap_cubes *.py *.txt *.js
recursive-include web/test/data bootstrap_cubes pouet.css *.py
recursive-include web/test/jstests *.js *.html *.css *.json
recursive-include web/test/windmill *.py
recursive-include skeleton *.py *.css *.js *.po compat *.in *.tmpl
prune doc/book/en/.static
prune doc/book/fr/.static
prune doc/html/_sources/
prune misc/cwfs
prune goa