Multitenancy in contrib/auth

[plunkettscott]

it would be great for the built-in auth package to provide support for multi-tenancy, where an Actor exists for each tenant or is otherwise aware of its permissions in each tenant.

I believe a workaround now is to instantiate custom repositories that automatically add a specific filter to existing queries, like filtering by tenant ID. This would allow calling Fetch on the ActorRepository to scope the query to the tenant set on the repository.

I’m still trying out some APIs to bring this into a more first-class feature, but I wanted to get this out here in case anyone else has existing ideas on how to do this.