implement `visitObject()` so the directives can be applied to objects.
I have applied them to all mutations and tests all still pass.
NOTE: i feel like there must be a way to abstract and reuse directive
definitions as it's very repetitive, but I'm a bit too brain dead today
to think of an elegant solution
@isAuthorized directive for Stream, Branch, and Commit
this is a light wrapper around `authorizeResolver` which finds the
`resourceId` depending on where the request is coming from.
it's still not super cleand and I will continue thinking about how to
improve this despite inconsistencies with the id location
izzy lyseggen