Intro:
      An organization might want to publish external endpoints for other
      organizations, but use internal endpoints (intranet) for communication
      between peers inside the organization.

      At the same time, an organization might not want to leak information
      about its internal addresses to other organizations.

      A peer has 2 endpoints when it is configured:
      1) Internal endpoint (exists anyway)
      2) External endpoint (might be configured)
      Only peers that have an external endpoint configured are supposed
      to be visible to peers outside the organization.

What's in this commit?
      This commit addresses this deal in the discovery layer:
      When a membership request message reaches a peer, it grabs all
      alive messages it posseses and sends them to the remote peer
      in a membership response message.
      Both messages are point-to-point (not "gossiped"/broadcasted).
      And need to be created in such a way to:
      1) Not tell about peers that have no external endpoint
      2) Not leak internal endpoints to peers outside the org

      This commit adds a policy to the discovery layer that enables:
      1) Filter (Sieve): Only to include peers that hold some
         criteria in the membership response message.
      2) Message mutator (Disjoiner): removes fields of the messages
         sent to remote peers that shouldn't be exposed to the remote
         peer.

How is it tested?
      I wrote a test that simulates 2 organizations, and
      a disclosure policy that fits what is going to be
      done in the next commit in the gossip layer (the layer above).
      The test checks conditions (1) and (2).

Signed-off-by: Yacov Manevich <yacovm@il.ibm.com>
Change-Id: Iade3d32b0d2a58400734b76c30189474c001718b