default ACL for data packages
When data packages are saved, they should automatically have a default ACL that
specifies who can have read and write access to the files. By default, Morpho
should send an ACL for all of the components with RW access for the submitter
and for all of the originators, but nobody else. Morpho should search the ldap
server for the originators to determine the appropriate username and authSystem
for the originator (this might be part of the data entry process for entering
users as originators).