Maybe the PermissionModel could be configured more explicitly?

Currently the PermissionModel is found by scanning all `EntityScanPackages` for a `PermissionModel` annotation. 

Maybe it's better to throw away the scanning and configure the class explicitly.