acl: support for getting authenticated user from web server (issue298)
Previously, the acl extension just read the current system user, which
is fine for direct file system access and SSH, but will not work for
HTTP(S) as that would return the web server process user identity
rather than the authenticated user. An empty user is returned if the
user is not authenticated.