Core: read permission for assoc connecting assocs
When checking the read permission for an assoc which has an assoc player that assoc's players must be checked for read permission as well. This is a recursive operation.
At the moment the recursion is missing. This allows e.g. a logged in user to build a public topicmap which lets the webclient crash when an anonymous user tries to load that topicmap. This is what a demo user has done recently.