Story #2755

Updated by Tom Clegg about 5 years ago

* Collections.get() - return a manifest_text with a +A... permission signature added to each blob locator.
* Collections.create() - verify permission signatures in provided manifest_text. Strip them before storing manifest_text in database and verifying @uuid==hash(manifest_text)@
* Python SDK, when creating a collection - strip +A... permission signatures before computing uuid (but supply them in manifest_text so they can be verified)