Bug 28948: Add a generic way to handle API privileged access attributes deny-list
This patch introduces a way for Koha::Object(s)->to_api to filter out
attributes that require privileged access. It is done in a way that the
'public' parameter is recursively passed to nested objects in recursive
to_api() calls.
This way, Koha::Object-based classes can determine how they will render
depending on this parameter. For example, implementing a
route for fetching a library looks like:

    GET /libraries

The controller will look like:

    my $library = Koha::Libraries->find( $c->validation->param('library_id') );
    return $c->render(
        status => 200,
        openapi => $library->to_api
    );

Implementing an unprivileged (public) route would look like:

    GET /public/libraries/:library_id

The controller will look like:

    my $library = Koha::Libraries->find( $c->validation->param('library_id') );
    return $c->render(
        status => 200,
        openapi => $library->to_api({ public => 1 })
    );

To test:
1. Apply this patch
2. Run:
   $ kshell
   k$ prove t/db_dependent/Koha/Object*.t
=> SUCCESS: Tests pass (i.e. current behaviour is kept, new behaviour
   passes the tests)
3. Sign off :-D

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
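
The filtering described in the commit message, as an added example that is not Koha code and not part of the patch: a self-contained toy model showing a deny-list applied only for `public => 1` and the same parameter handed down to nested objects. The `Demo::*` classes and the `privileged_attrs` and `embedded` methods are hypothetical names chosen for the illustration.

```perl
use strict;
use warnings;

# Toy model, not Koha code: Demo::*, privileged_attrs and embedded are hypothetical names.
package Demo::Object;
sub new { my ( $class, %attrs ) = @_; return bless( {%attrs}, $class ); }
sub privileged_attrs { return []; }    # default: nothing to hide
sub embedded         { return []; }    # default: no nested objects

sub to_api {
    my ( $self, $params ) = @_;
    $params //= {};
    # The deny-list only applies when the caller asks for the public rendering.
    my %deny = $params->{public} ? ( map { $_ => 1 } @{ $self->privileged_attrs } ) : ();
    my %nested = map { $_ => 1 } @{ $self->embedded };
    my %json;
    for my $attr ( keys %$self ) {
        next if $deny{$attr};
        # Nested objects get the same $params, so 'public' reaches every level.
        $json{$attr} = $nested{$attr} ? $self->{$attr}->to_api($params) : $self->{$attr};
    }
    return \%json;
}

package Demo::Patron;
our @ISA = ('Demo::Object');
sub privileged_attrs { return [qw(email)]; }

package Demo::Library;
our @ISA = ('Demo::Object');
sub privileged_attrs { return [qw(internal_notes)]; }
sub embedded         { return [qw(manager)]; }

package main;
# Constructed sample data.
my $library = Demo::Library->new(
    library_id     => 'CPL',
    name           => 'Centerville',
    internal_notes => 'staff only',
    manager        => Demo::Patron->new( firstname => 'Sam', email => 'sam@example.org' ),
);
my $staff  = $library->to_api;
my $public = $library->to_api( { public => 1 } );

die "privileged view lost data" unless exists $staff->{internal_notes} && exists $staff->{manager}{email};
die "public view leaked a top-level attribute" if exists $public->{internal_notes};
die "public view leaked a nested attribute"    if exists $public->{manager}{email};
print "public keys: ", join( ', ', sort keys %$public ), "\n";
```

A deny-list of this kind fails open: an attribute added to a class later is rendered on the public route until someone lists it.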