acl: Fix checking create (k) permission in global acl-file Just because the global ACL file hasn't changed since it was last refreshed for another ACL object, it doesn't mean that those ACLs don't need to be applied to this ACL object. This didn't usually cause problems, because the initial ACL object refresh was always done due to local-path refresh returning "needs a refresh". The only exception was when acl_object_init_from_parent() was called, because it added an empty non-NULL validity for the local-path, so the "needs a refresh" wasn't returned. This happened only when trying to CREATE or RENAME mailbox under a parent where user didn't have create permissions. This affected only when using a single global acl-file, not when using global acl directory containing per-mailbox files.

acl: Log more debug info with mail_debug=yes

acl plugin: Added an alternative global ACL file that can contain mailbox patterns. Instead of pointing the global ACL path to a directory use a file instead. The file format is "<mailbox pattern> <normal ACL line>". Most importantly this can be used to specify default ACLs for namespaces. The mailbox pattern uses "*" and "?" wildcards currently. I'm not sure if I should still change them to IMAP "*" and "%" wildcards. That would make the behavior more complex ("%" depends on hierarchy separator), slightly slower and quota code is already also using the */? wildcards..