In addition to checking a standard permission on a custom object, you
could instead check a custom permission on the package_id. E.g.,
define a custom "script_foo_execute" privilege for your package, and
set/check whether the user has that permission on the package_id. I'm
not sure which way would be better (cleaner or faster) in what cases.
