Hi all, I'm evaluating whether SpiceDB is a good fit for my use case - I'm building a web app (NextJS frontend, FastAPI backend) and we're currently using SpiceDB for evaluating CRUD permissions on API routes; however I'd like to further restrict users by customer/tenant - one user could belong to multiple tenants and have different permissions in each.
Right now when a user sends a GET request, the API service is just checking if a user has a 'read' permission, and then returns all results from a SQL database.
Essentially, I'd like to implement row-level security, but still keep these permissions tied into SpiceDB so there's a single source of truth... I've seen some suggestions to first query what customers/tenants a user has a relation to, and then filter the SQL like
SELECT * FROM example WHERE tenant IN (a, b, c, d)
but that does feel a bit hacky.
Our app isn't going to be scaling to 1000s of relations, and that kind of SQL filtering might be fine... but for the sake of argument, is there an obvious way to use Authzed/SpiceDB to be the source of truth for row-level security?
We're also not specifically tied to any flavour of SQL - right now we're using MySQL but we can easily migrate to Postgres/MongoDB/etc.
Thanks in advance and sorry for the lengthy question!
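
The pre-filter pattern mentioned in the post, as an added example that is not part of the original post: the tenant list comes from the authorization lookup, is bound as query parameters, and an empty list returns no rows. Assumptions: `lookup_readable_tenants` is a hypothetical stub standing in for a SpiceDB LookupResources call, the grants and rows are constructed, and an in-memory SQLite database stands in for MySQL (MySQL drivers use `%s` placeholders rather than `?`).

```python
import sqlite3

# Constructed sample data: which tenants each user may read. In a real service
# this would be the result of a SpiceDB lookup, not a dict.
CONSTRUCTED_GRANTS = {"alice": ["a", "b"], "bob": ["c"], "mallory": []}


def lookup_readable_tenants(user_id):
    """Hypothetical stand-in for the authorization lookup (assumption)."""
    return list(CONSTRUCTED_GRANTS.get(user_id, []))


def fetch_rows_for_user(conn, user_id, lookup=lookup_readable_tenants):
    """Return only the rows whose tenant the user is allowed to read."""
    tenants = lookup(user_id)
    if not tenants:
        # Fail closed: no granted tenants means no rows. This also avoids
        # building "IN ()", which is a syntax error in MySQL.
        return []
    # One placeholder per tenant ID; the IDs are bound as values and never
    # concatenated into the SQL text.
    placeholders = ",".join("?" for _ in tenants)
    sql = (
        "SELECT id, tenant, payload FROM example "
        f"WHERE tenant IN ({placeholders}) ORDER BY id"
    )
    return conn.execute(sql, tenants).fetchall()


def make_demo_db():
    """Build a constructed 'example' table with one row per tenant a-d."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE example (id INTEGER PRIMARY KEY, tenant TEXT, payload TEXT)"
    )
    conn.executemany(
        "INSERT INTO example (tenant, payload) VALUES (?, ?)",
        [("a", "row-1"), ("b", "row-2"), ("c", "row-3"), ("d", "row-4")],
    )
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    for user in ("alice", "bob", "mallory", "unknown-user"):
        print(user, fetch_rows_for_user(db, user))
```
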