Optimize CleanupAccessTask and checkuseraccess queries

[mikkonie]

I just realized that in my hurry to implement #2217, I did it in a rather unoptimized way.

Right now, I basically query for all ACLs under a specific path and then filter out relevant results in Python. This is, quite obviously, dumb: instead I should filter this already in the query phase for increased efficiency. The current approach might be slow with huge landing zones with restrict_colls enabled.

I'm not sure whether the PRC query interface supports this. If not, there's always the (slightly painful) option of doing raw SQL queries..

If feasible, I'll get this in v1.1.3. If not, postpone until v1.2.

(Is it too late to claim I vibecoded this and blame it on a BS generator? Asking for a friend)

[mikkonie]

This is doable with PRC queries using .filter(Criterion('!=', *Access.user_id, allowed_user_id).

Alas, chaining many of these will grow the query size and at some point iRODS reaches a limit (ask me how I know). So with projects with a large amount of owners and delegates, inherited or otherwise, this might crash the task. While there is an In operator, NotIn doesn't seem to be a thing?

Since I'm about to go on vacation and lack the time to thoroughly test this, I'll leave the potentially-inefficient queries in for now instead of intoducing potentially-crashing queries.

When I get around to doing this, I should also prof this to see which approach is indeed more well-performing in a realistic project. I might be totally off-base..