@tcitworld

Very similar to #26, but for interfaces instead of unions

Very similar to jungsoft#26, but for interfaces instead of unions

Signed-off-by: Thomas Citharel <[email protected]>
@gabrielpra1
Member

Hey @tcitworld, thank you for this PR!

However, I don't think interfaces should work exactly like Unions, because we can't always infer the authorization rules from the underlying types. It works well on your example, but it would not work for a query that fetches only common fields, since in this case we wouldn't have selections to check, as is the case for unions.

So let's say :interface has the common field :id:

    interface :interface do
      field :id, :integer
      resolve_type fn
        %{name: _}, _ -> :user
        %{total: _}, _ -> :wallet_balance
      end
    end

If we fetch only this id, the query would be allowed without any authorization checks:

    defp interface_query do
      """
      {
        interfaceQuery {
          id
        }
      }
      """
    end

Therefore, I think we need to force users to define a meta :authorize for the interfaces, and then we check that they have access to that interface, as well as all of the nested types that may be requested. Wdyt?
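
The gap described in the comment above, as an added sketch that is not code from this PR or from the library: a check inferred only from fragment selections finds nothing to authorize when a query asks for common fields, while a mandatory interface-level rule always applies. The module name, the tuple shapes used for selections, the roles and the rule maps are assumptions made up for illustration.

```elixir
# Added illustration, not the library's code. Selections are modelled as
# {:field, name} or {:fragment, concrete_type, fields}; roles and rules are constructed.
defmodule InterfaceAuthSketch do
  # Role required by each concrete type and by the interface itself (assumed values).
  @type_rules %{user: :user, wallet_balance: :admin}
  @interface_rules %{interface: :user}

  # Union-style inference: only types named in inline fragments produce a check.
  def checks_from_selections(selections) do
    for {:fragment, type, _fields} <- selections do
      {type, Map.fetch!(@type_rules, type)}
    end
  end

  # Proposed behaviour: the interface must declare a rule, it is always checked,
  # and every concrete type requested through a fragment is checked on top of it.
  def checks_for_interface(interface, selections) do
    case Map.fetch(@interface_rules, interface) do
      {:ok, rule} -> {:ok, [{interface, rule} | checks_from_selections(selections)]}
      :error -> {:error, "interface #{interface} must define an authorization rule"}
    end
  end

  # An empty list of checks passes for every caller, which is the gap.
  def allowed?(checks, role) do
    Enum.all?(checks, fn {_type, rule} -> permits?(role, rule) end)
  end

  # Assumed role model: :admin satisfies any rule, other roles must match exactly.
  defp permits?(:admin, _rule), do: true
  defp permits?(role, rule), do: role == rule
end

common_only = [{:field, :id}]
with_fragment = [{:field, :id}, {:fragment, :wallet_balance, [:total]}]

# Anonymous caller (role nil), common field only, union-style inference.
inferred = InterfaceAuthSketch.checks_from_selections(common_only)
IO.inspect({inferred, InterfaceAuthSketch.allowed?(inferred, nil)}, label: "inferred only")

# Same query with the mandatory interface rule applied.
{:ok, checks} = InterfaceAuthSketch.checks_for_interface(:interface, common_only)
IO.inspect(InterfaceAuthSketch.allowed?(checks, nil), label: "anonymous, interface rule")
IO.inspect(InterfaceAuthSketch.allowed?(checks, :user), label: "user, common fields")

# A :user asking for the wallet fragment is still checked against the nested type.
{:ok, nested} = InterfaceAuthSketch.checks_for_interface(:interface, with_fragment)
IO.inspect(InterfaceAuthSketch.allowed?(nested, :user), label: "user, wallet fragment")
```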
