I have a situation where I have a parent object and a child object. Ordinarily access to the children is via the parent. But, occasionally, a user is granted a role directly on the child object. I'd like to avoid storing all the child ids in SpiceDB (there are hundreds of millions of them) for the few thousand cases where a direct role was granted. However, without that stored the app is left with two authorization checks when evaluating permissions on a particular child: 1) is user granted permission because of the parent (the common case); 2) is user granted permission because of a direct grant. If there was some way for the app to provide me with all the context - subject on [child, parent] - then it'd seem like the app wouldn't be as auth aware as it would be if I had them make 2 calls. Is there some way to use a caveat to handle this situation?