feat: tenant-scoped policy loading for GORM adapter #12
Description
Problem
When using the GORM adapter with a database, all policies are loaded into a single enforcer from a single casbin_rule table. In multi-tenant applications, this means every tenant's policies are loaded into memory even when only one tenant's policies are needed for a given request.
Proposed Solution
Option A: Add a filter config to the GORM adapter that applies a WHERE clause during LoadPolicy, filtering on a V-column that holds tenant_id. Casbin's FilteredAdapter interface supports this.
Option B: Support a table_name template that resolves per-tenant, e.g., casbin_rule_{{tenant}}, mirroring the database.partitioned pattern.
Use Case
Multi-tenant application where each tenant (affiliate) has independent role definitions and resource permissions. The database.partitioned module already handles per-tenant data isolation via LIST partitions — authorization needs a similar model.