[BE] Support dynamic boundaries

Depending on the outcome of user testing, we might want to support, in addition to static groups and projects, dynamic granular scope boundaries:

• personal projects
• all groups and projects the user is a member of

The Authz::GranularScope model should be able to support these dynamic boundaries and the validation of boundaries (the permitted_for_boundary? method) should respect the dynamic boundaries.