[permissions] Add SettingsPermissionGuard on data model and roles features (#10063)

Adding SettingsPermissionsGuard to execute permission check. 

The guard is added directly in resolver, either at resolver level (ex:
roles) or resolver-endpoint level (ex: metadata). this can be challenged
!

packages/twenty-server/src/engine/metadata-modules/relation-metadata/relation-metadata.resolver.ts

@@ -1,9 +1,13 @@
-import { UseGuards } from '@nestjs/common';
+import { UseFilters, UseGuards } from '@nestjs/common';
 import { Args, Mutation, Resolver } from '@nestjs/graphql';
 
+import { SettingsFeatures } from 'twenty-shared';
+
 import { Workspace } from 'src/engine/core-modules/workspace/workspace.entity';
 import { AuthWorkspace } from 'src/engine/decorators/auth/auth-workspace.decorator';
+import { SettingsPermissionsGuard } from 'src/engine/guards/settings-permissions.guard';
 import { WorkspaceAuthGuard } from 'src/engine/guards/workspace-auth.guard';
+import { PermissionsGraphqlApiExceptionFilter } from 'src/engine/metadata-modules/permissions/utils/permissions-graphql-api-exception.filter';
 import { DeleteOneRelationInput } from 'src/engine/metadata-modules/relation-metadata/dtos/delete-relation.input';
 import { RelationMetadataDTO } from 'src/engine/metadata-modules/relation-metadata/dtos/relation-metadata.dto';
 import { RelationMetadataService } from 'src/engine/metadata-modules/relation-metadata/relation-metadata.service';
@@ -11,11 +15,13 @@ import { relationMetadataGraphqlApiExceptionHandler } from 'src/engine/metadata-
 
 @UseGuards(WorkspaceAuthGuard)
 @Resolver()
+@UseFilters(PermissionsGraphqlApiExceptionFilter)
 export class RelationMetadataResolver {
   constructor(
     private readonly relationMetadataService: RelationMetadataService,
   ) {}
 
+  @UseGuards(SettingsPermissionsGuard(SettingsFeatures.DATA_MODEL))
   @Mutation(() => RelationMetadataDTO)
   async deleteOneRelation(
     @Args('input') input: DeleteOneRelationInput,