Expose skip command

[altschuler]

It would be very helpful to have the skip command exposed on collections. I know there is an open issue for a pagination api (#31), but just having the skip command would be useful in itself.

[danielmewes]

The risk with exposing a skip command is that someone could use it for performing a DoS attack against a Horizon server.

Currently, all Horizon commands have the property that the cost for executing them on the server is (more or less) proportional to the amount of data that the command returns to the user.
This in principle makes it harder to DoS a Horizon server (even though at the moment this protection isn't very good, because we often compute full results set server-side before we send any of it to the client).

Unless we limit the number of results that can be skipped, skip would provide an easy target for causing high load on the server (which would have to iterate over a lot of results that are skipped). It will also become somewhat unnecessary when we implement the actual pagination API, which is going to be more efficient in general.

That being said, a skip command with a limit on how far one can skip isn't completely unreasonable I think.

[bcw104]

@danielmewes
count and skip is frequently-used in many applications. Security can be handled by the users themselfs.

1. skip and count api could be enabled by config in the server side
2. when skip or count api is enabled, we can deal with DoS attack by permission control