Hello, newbie question (and I swear I've searched ...
# spicedb
Hello, newbie question (and I swear I've searched the docs!) - how do people protect the writing of relationships? For example, if Alice should only be allowed to write relationships relating to her, how do we block her from getting access to Bob's secret plans by writing the relationship:
document:bobs_secret_plan#owner@user:alice
I can see a couple of options: a) in the calling code, do a permission check request before writing the relationship; b) don't check, but ensure the calling code is trusted, validate user input, etc.; c) use another permission mechanism, e.g. JWT validation, OPA policy, identity-aware proxy, mTLS. Is there a way to do this inside SpiceDB itself? Can my schema define rules such that a relationship can't be written unless another condition is met?
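Option (a) from the question, sketched as an added example that is not part of the original post and is not SpiceDB's own code: the calling code checks a permission for the authenticated caller before it writes the relationship. `FakeStore` is a constructed in-memory stand-in for the permission service, and the `share` permission, the "owner only" rule and the bootstrap rule for new resources are assumptions made for the illustration.

```python
import re
from typing import NamedTuple

class Rel(NamedTuple):
    resource: str  # "document:bobs_secret_plan"
    relation: str  # "owner"
    subject: str   # "user:alice"

_REL = re.compile(r"(\w+:\w+)#(\w+)@(\w+:\w+)")

def parse_rel(text: str) -> Rel:
    """Parse 'type:id#relation@type:id'; reject anything else."""
    m = _REL.fullmatch(text)
    if m is None:
        raise ValueError(f"malformed relationship: {text!r}")
    return Rel(*m.groups())

class WriteDenied(Exception):
    pass

class FakeStore:
    """In-memory stand-in for the permission service (constructed for this example)."""
    def __init__(self, rels=()):
        self.rels = {parse_rel(r) for r in rels}

    def check(self, resource: str, permission: str, subject: str) -> bool:
        # Assumed schema rule: permission "share" is held by the owner only.
        return permission == "share" and Rel(resource, "owner", subject) in self.rels

    def exists(self, resource: str) -> bool:
        return any(r.resource == resource for r in self.rels)

    def write(self, rel: Rel) -> None:
        self.rels.add(rel)

def guarded_write(store: FakeStore, caller: str, rel_text: str) -> Rel:
    """Write rel_text only if `caller` (taken from the authenticated session,
    never from the request body) is allowed to change that resource."""
    rel = parse_rel(rel_text)
    if not store.exists(rel.resource):
        # Bootstrap case: a brand-new resource may only be claimed by its creator.
        allowed = rel.relation == "owner" and rel.subject == caller
    else:
        allowed = store.check(rel.resource, "share", caller)
    if not allowed:
        raise WriteDenied(f"{caller} may not write {rel_text}")
    store.write(rel)
    return rel
```

The check and the write here are two separate steps, so a real deployment also has to consider what happens if the caller's permission changes between them.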