Rework permissions filter to not use Count
Instead use IN WHERE.
This has a small performance boost for planning and a sizeable 10% boost for filtering against matching permission groups. (when a user is logged in)
The restricted_by_perm and filter_by_perm have been rolled in
to the one function. A include_objects_without_permissions
controls if the objects without permissions will be included
in the query.
Also use has_perm function in managers and remove if-else staircase
has_perm function already short circuits on superusers:
No need to check for superusers for permissions bypass.