Allow removing prefix from URL / remove dynamic params (middleware)

[webpolis]

Now, if we have a route like /api/users, we can remove the api prefix by passing a negative number to the middleware method; so, I'd do middleware(-1) to remove first part of the URL, or -2 to remove first 2 pieces of the URL.

Also, as part of this PR, we're now able to pass an additional argument to middleware(...) method: this new argument named dynamicParams, will set a list of URL parameters (as defined via express router, for example) that will be excluded from the resource name when checking permissions.

ATM, we didn't have a way to define a route (like a view endpoint, whose path looks like /user/89324892384) having a predefined parameter which is dynamic (:id, in this case). So, if I do:

acl.middleware(-1, getUser, 'view', ['id'])

I'm stating that the ACL module must only check for view permission over the rest of the resource's name, excluding the :id part.