Let me explain a bit more in detail what we want to implement for this issue.
1. Add potential and candidate starter config on a process
2. Get a list of potential starters for a specific process definition
3. Query for all process definitions that can be started by a specific user.
We may also add some logic to the Explorer and REST API to support this, but this is all part of the Activiti Engine.
What we won't add at this moment is an actual check against the authenticated user if he/she may start a new process instance.
This logic should be implemented outside the Engine, for example in the Explorer and REST API or your own solution.