Cell-level access control

[isedwards]

Initial work with sqlalchemy-oso shows that it can control table and row-level access.

We also have the requirement to further restrict access to particular columns. As an example, a user may be limited so that they can only write to the comments column of the observations table. I imagine a custom software interface in top of sqlalchemy-oso would be easy to bypass, alternatively it may be possible to use a view or to extend sqlalchemy-oso somehow.