[FEATURE] Add a privilege evaluator for resource access #5442
Description
#5281 introduced a mechanism for plugins to offload authorization flow for their resources to security plugin. However, that also introduced reliance on plugins to explicitly call verifyAccess to check whether requesting user had requested resource access. To further strengthen this, a new PrivilegeEvaluator must be added which automatically evaluates access to resources without requiring plugins to call verifyAccess.
This evaluator should also complete the sharing model that was originally proposed here: #4500