Secure db access by centralising query generation through authz module

[dread]

Controllers and templates should not access db objects directly - they should do all access via authz module giving username. They are handed by a query that has already been filtered by the packages they are authorized to read.

When they request a package object, they are handed an copy of the db object - disconnected from the database - so it the db object can't be changed.

A couple of tests can be reenabled when this is done: ckan.tests.functional.test_authz.TestUsage?.test_admin_list_deleted ckan.tests.functional.test_authz.TestUsage?.test_search_deleted