PK's "allow_inactive" actually means "allow inactive *local* users", so
we do want to allow inactive local users to provide user connections.
We don't want to allow non-local inactive users to provide user connections.
So make the use-user-connections privilege match for both active and
inactive so we get the behavior we want.
Default to 'not allowed', distros that need backwards compatibility
can flip this to 'yes' if they need to. At this point, only power
management scripts should call these functions.
Since the new PolicyKit does away with easy checking of authorizations,
we get to implement it by ourselves, but that's OK since we can actually
use it for a lot more stuff. So add the GetPermissions call which returns
the permissions the caller actually has, and a signal informing callers
that their permissions might have changed. Hook this all up to
PolicyKit so it's useful.
