Add support for default exposures at application and controller level

[tappleby]

Often applications will need to declare default exposures both globally for the application and at the controller level.

Possible API for controllers:

before_action :expose_scope; jsonapi_expose scope: current_user; end

[beauby]

Agreed, will try to implement that over next week.