Allow `@authorization` to be used on relationship fields to protect particular relationship operations

[jroith]

Current @authorization support selecting an operation, such as CREATE, DELETE, UPDATE, CONNECT and DISCONNECT. It seems like connect and disconnect would apply to ANY connection being made. Sometimes we want to prevent all connections, except one. And sometimes we want to permit all connections expect one.

Have you considered making the configurable - perhaps based on white or blacklisting edge names per type for simplicity?

[jbhurruth]

@darrellwarde, has anyone considered this? This feels like a big feature and would massively expand the flexibility of the auth system. I find it odd how I can set authorization rules for individual fields but not relationships