When conducting a search, all matching items are
returned. This leads to problems when displaying the
search result to a user, that does not have permission
to view all items. While items can be filtered in the
output template, the filtering should take place in the
core, so that hit-counts are also displayed correctly.

The proposed patch adds a method filterByPermission to
security.py, that takes a list of itemids and returns a
list of itemids that the user is allowed to act upon.
filterByPermission is used in HtmlRequest.batch() to
reduce the resultset.