Add support for "hidden" filter in aggregation endpoints for authorization restrictions #864

@philvarner

For /aggregate and /collections/{collectionId}/aggregate, add support for a hidden _filter parameter/field that behaves the same as the existing filter field, and is AND'ed to that field, but is not included in pagination links. The intention with this is that it will be added to the request in an auth proxy (e.g., the pre-hook lambda) to filter which items the user has access to, but not be revealed back to the user in the pagination links. This also means that the proxy doesn't need to check to see if the collections restriction has already been added in pagination links, and can just add it.
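An added example, not part of the original issue or the project's own code: a sketch of the proposed behaviour on both the proxy and the server side, assuming both filters arrive as CQL2 JSON strings. The function names and the `ALLOWED` map with its users and collections are hypothetical; only `filter` and `_filter` come from the issue.

```javascript
// Constructed sample data: which collections each user may read (hypothetical).
const ALLOWED = { alice: ['sentinel-2-l2a', 'landsat-c2-l2'], bob: ['naip'] };

// Proxy side: build the authorization restriction as a CQL2 JSON expression.
// Fails closed: a user with no entry gets an error, not an unrestricted query.
function restrictionFor(user) {
  const collections = ALLOWED[user];
  if (!collections || collections.length === 0) {
    throw new Error(`no collections authorized for ${user}`);
  }
  return { op: 'in', args: [{ property: 'collection' }, collections] };
}

// Proxy side: always set _filter, discarding any _filter the client sent,
// so the hidden field can only ever carry the proxy's restriction.
function preHook(user, query) {
  const { _filter: _clientSupplied, ...rest } = query;
  return { ...rest, _filter: JSON.stringify(restrictionFor(user)) };
}

// Server side: AND the user's filter with the hidden one for the query itself.
function effectiveFilter(query) {
  const parts = [query.filter, query._filter]
    .filter(Boolean)
    .map((f) => JSON.parse(f));
  if (parts.length === 0) return undefined;
  return parts.length === 1 ? parts[0] : { op: 'and', args: parts };
}

// Server side: links are built from the user's own parameters only,
// so the restriction is never echoed back to the client.
function linkQuery(query) {
  const { _filter, ...visible } = query;
  return new URLSearchParams(visible).toString();
}
```

Because the proxy overwrites `_filter` on every request and the links never contain it, the proxy needs no logic to detect a restriction it added earlier.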
