Split CdmAuthority into operations and filters
Currently CdmAuthorities included operation evalution information (operation attribute) and filter information (permissionClass, property, targetUuid). Filter information needs to be concatenatable while the operation information is unique for all dimensions of the authority. Also filters may be reusable in other contexts (e.g. a subtree filter) - but be careful not to influence rights by redefining filters.
Therefore we may want to separate these 2 functionalities into 2 classes, the CdmAuthority class which holds operation evaluation information and CdmFilter, which holds the other information and which is referenced by CdmAuthority.
Filters can be concatenated, where the implementation of a filter needs to know how to integrate the subfilter (otherwise a filter not supported operation is thrown).
Filters are pure filter definitions. Implementing class may depend on the context the filter is used for. E.g. a filter implementation for a data export may look different then the one for granted authorities. The required implementation may be loaded via factory methods, spring prototypes, ...
Filters and authorities may have human readable representations such as "Filter on classification abc"