cubicweb-collaboration #3814292 only handle entity types and rdefs strictly in the container in security setup [validation pending]

The permissions rules (e.g. based on can_write relation) just assumes that entities are always linked a container, despite the application schema may not enforce it.

priorityimportant
typebug
done in1.0.0
load2.000
load left0.000
closed by#d0c07957b90f Do not set permissions on entity types which instance can live outside the container
patchDo not set permissions on entity types which instance can live outside the container [applied]Do not set permissions on relation definitions for which the parent entity can live outside the container [folded]Relax permissions for relations between entities not in a container [rejected]Relax permissions for entities not in their container [rejected]