(core) check row-level permissions on incoming actions

Summary:
This improves support for access control on document modifications.  It adds:

   * Checking of create/remove/update access for row-level changes.
   * Use of `newRec` variable in formulas.

It is now possible to have distinct clients with read+write access to different rows of the same table.

This is another incremental step.  There are deficiencies in actions that include schema changes, and many other lacunae. But the overall flow is taking shape.

Access control is done at the DocAction level, requiring the sandbox to process the UserActions, and then be reverted if the action proves unlawful.  This could be optimized away in many simple and important cases, but I'm not sure it is possible to avoid in general.

Test Plan: added tests

Reviewers: dsagal

Reviewed By: dsagal

Differential Revision: https://phab.getgrist.com/D2677
Paul Fitzpatrick
2020-12-07 16:15:58 -05:00
parent 8c788005c3
commit 131fbbdb92
4 changed files with 365 additions and 165 deletions

@@ -15,7 +15,8 @@ export interface OptDocSession {
linkId?: number;
browserSettings?: BrowserSettings;
req?: RequestWithLogin;
mode?: 'nascent'|'plugin'|'system'; // special permissions for creating, plugins, and system access
// special permissions for creating, plugins, system, and share access
mode?: 'nascent'|'plugin'|'system'|'share';
authorizer?: Authorizer;
}
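Review bot: the set of modes on `OptDocSession.mode` is written as an inline string-literal union here and again in the `makeExceptionalDocSession` parameter, so adding 'share' had to be done in two places and the two lists can drift apart. Since this field selects sessions with special permissions, a single named alias (for example `type ExceptionalMode = 'nascent'|'plugin'|'system'|'share'`, name is only a suggestion) used in both declarations would keep them in step and give one place to audit when a mode is added.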
@@ -30,7 +31,7 @@ export function makeOptDocSession(client: Client|null, browserSettings?: Browser
* - plugin: user is treated as editor (because plugin access control is crude)
* - system: user is treated as owner (because of some operation bypassing access control)
*/
export function makeExceptionalDocSession(mode: 'nascent'|'plugin'|'system',
export function makeExceptionalDocSession(mode: 'nascent'|'plugin'|'system'|'share',
options: {client?: Client,
req?: RequestWithLogin,
browserSettings?: BrowserSettings} = {}): OptDocSession {
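Review bot: the doc comment above `makeExceptionalDocSession` states how 'plugin' and 'system' sessions are treated (editor and owner), but the visible lines end at `*/` with no matching entry for the new 'share' mode. Please add a line in the same form saying which role a 'share' session is treated as and why, so callers and reviewers can tell how much of the access control it bypasses.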