How to blow up in `access_policy` if `security_context` does not have specified member?

[mzealey]

I'm building an access_policy approach as per:

cube/packages/cubejs-testing/birdbox-fixtures/rbac/model/cubes/users.yaml

Lines 23 to 26 in b8afc84

	filters:
	- member: "{CUBE}.city"
	operator: equals
	values: ["{ security_context.auth.userAttributes.city }"]

It's a great feature and will massively simplify our config because different tables have different RBAC from the token. However (and I'd imagine it's quite a common case - hence raising it here), we need to blow up if the given security_context does not have the specified attribute. If it's a nested attribute then this will blow up correctly (as dereferencing an undefined object), however if it's just security_context.xxx it will interpolate as undefined.

[mzealey]

OK I see I can actually do this per

https://github.com/cube-js/cube/blob/master/packages/cubejs-testing/birdbox-fixtures/rbac/model/cubes/users.yaml#L28-L32