[Feature Request] New "list" permission kind

ZenStack currently supports four permission kinds: `create`, `read`, `update`, and `delete`. There are use cases where we want to allow users to read specific entities but want to deny fetching a list of them. This is quite common in products like S3. A separate `list` permission will enable this scenario.