Company permissions overhaul

Right now, permissions are rigid. Members have permissions, and those permissions apply to all objects within the company.

There needs to be a more granular approach. Instead of a member-company permission, it would be a member-company-object permission, where object can be all objects or a specific object.

At some point (or even in this iteration) we might want to add "groups of objects" (like, tagging) such that permissions are member-company-tag/object.