[WIP] Implement abstractions to annotate non-sharable datasets & objectstores.

[jmchilton]

Sketched out so far:

• Allow marking objectstores (in either XML or YAML) as private - indicating datasets stored in them should not be shared.
• Add sharable property to model.Dataset that checks its object_store_id against the configured object store to determine if it is not stored in a private objectstore.
• Add abstraction to security_agent to check if a dataset is restricted to a single user and augment galaxy.jobs.JobWrapper._set_object_store_ids and ObjectStorePopulator to prevent jobs that might create non-private datasets in private objectstores.
• Model/security layer prevents copying non-sharable dataset into libraries or attaching private sharing roles to them.
• The edit metadata form will display a message that the dataset is unsharable on the permissions page.
• Integration test case to ensure cannot upload public datasets to a private objectstore.
• Integration test case to ensure cannot modify access permissions of datasets stored in private objectstores.
• Expose information about whether objectstores are privateObjectStore metadata display (User-facing objectstore metadata. #10233).

Left to do:

• Test case to verify library sets can't be uploaded to private objectstores.
• Test case to verify private object stores operate appropriately with dynamically discovered collection datasets. (past @jmchilton had this in his notes - not sure exactly what his concern was).

xrefs:

• Previous versions of this PR:
  • [WIP] Implement abstractions to annotate non-sharable datasets & objectstores. #10840
  • https://github.com/jmchilton/galaxy/tree/sharable_data_mid2205
• The Nate white paper on related things (https://docs.google.com/document/d/1TQCbQxwLLijKHl_sZgTDQCpNXX2jejJQBljVrNslOvA/edit)
• Implementing quotas per objectstore Implement quota tracking options per ObjectStore. #10221
• Per-user objectstore configurations User-based ObjectStore #4840

How to test the changes?

(Select all options that apply)

• I've included appropriate automated tests.

License

• I agree to license these contributions under Galaxy's current license.
• I agree to allow the Galaxy committers to license these and all my past contributions to the core galaxy codebase under the MIT license. If this condition is an issue, uncheck and just let us know why with an e-mail to galaxy-committers@lists.galaxyproject.org.