Offer TrackerEndpoint access control as API

While D-Bus endpoints typically have a protection layer through the portal, some form of access control may be desirable as well on other endpoints not offered in session/system buses (e.g. HTTP, or serving over private D-Bus connections).

This MR adds:

• The TrackerEndpointDBus::block-call signal, to allow control over requests based on the sender. This is quite similar to the existing TrackerEndpointHttp::block-remote-address signal.
• TrackerEndpoint::readonly property (plus getter/setter) to disallow updates.
• TrackerEndpoint::allowed-graphs and TrackerEndpoint::allowed-services properties (plus getter/setter) to restrict control to services and graphs in queries to the endpoint.

All TrackerEndpoint properties are honored by D-Bus and HTTP endpoint subclasses.

The portal, that was doing all of this via private TrackerEndpointDBus hooks, is a prime case for this API and has been ported to it.