create data filter parser

[kbarbounakis]

This PR closes #96 by implementing DataModelPrivilege.scope which may be used to exclude privileges defined for specific client scopes. The meaning of "scope" is included in OAuth2 authorised environments but it can be used by any environment which implements such protocols.
e.g. Order model defines a self privilege for giving access to customers for reading their orders. This privilege may be validated only when context includes orders or orders:readonly scopes.

{
            "mask": 1,
            "type": "self",
            "filter": "customer/user eq me()"
            "scope": [
                   "orders",
                   "orders:readonly"
            ]        
}