Add private GraphQL fields, that will not shop up in the API response

Sometimes you have fields that should be visible in the GraphQL schema, but should not show up in the API response.

e.g. we store in Documents security information like who can access that document. For the developer, it’s super useful to have an API documentation that shows all information. And for the security perspective it’s also good, because such information will never show up in the response.