Unwrap PermDetails for canChgrp/canChown detection

[joshmoore]

PermDetails objects are being passed to the BasicACLVoter.postProcess
method when new map(x_details_permissions) is used in the HQL query.
Not having access to the original object confuses the security system
leading to incorrect can* values. This permits unwrapping of internal
PermDetails instances.

See:

• Add wrapper class for loading permission info (Fix #12474) #3910
• https://trello.com/c/QbdB9M8k/115-canchgrp-canchown-bug

What this PR does

• Makes the permission flags of IQuery.projection(new map(...)) match those of IQuery.get(...), e.g.

In [27]: q.get("Project", 1).getDetails().getPermissions().canChgrp()
Out[27]: True

In [28]: q.projection("select new map(p as p_details_permissions) from Project p where p.id = 1", None)[0][0]._val.values()[0]._val["canChgrp"]._val
Out[28]: True

Testing this PR

1. create a single object (e.g. Project) belonging to root
2. load canChrp in the two ways shown above
3. compare that True is returned in both cases

Related reading

1. https://trello.com/c/QbdB9M8k/115-canchgrp-canchown-bug
2. enhance setting canChgrp, canChown permissions bits #5431

[mtbc]

@will-moore should review too with respect to #5352.

[will-moore]

Permissions tests now passing: https://ci.openmicroscopy.org/job/OMERO-DEV-merge-integration-Python27/630/testReport/OmeroPy.test.integration.test_permissions/
Good to merge from me.

[joshmoore]

Merging this so that latest remains green. Happy to discuss more complete solutions if anyone foresees issues (i.e. other checks that need the correct class)