Respect dataset visibility

[jonc125]

The initial implementation in #185 didn't include any visibility checks, so e.g. at present anyone can overlay other users' private datasets. (Because experimentversion_detail.html just iterates over experiment.protocol.protocol_experimental_datasets.all)

• Ensure that a new dataset can't be linked to a non-visible protocol - probably requires filtering in the appropriate form? (cf https://github.com/ModellingWebLab/WebLab/pull/222/files#diff-d5c6e6ad5fedad21b166e67f131beb44)
  • Maybe even sort the visible protocol list, so your own protocols come first, followed by moderated ones? This isn't necessary though, so only if it's easy!
• Ensure the only datasets you can overlay are ones you can see
  • Filter the list presented, possibly by adding a helper templatetag that does the filtered DB query
  • And ensure that if a non-visible id is passed to the view datasets:version_json, it gives an appropriate error
• Make sure we have tests checking the above work

#184 might be a useful refactoring before tackling this issue? I don't think it's necessary though, so probably not.

[jonc125]

This would be a reasonable issue to work on while waiting for my review @sroderick-g5sro.