Support PrincipalSetPolicy being used with AEM 6.3 CUGs

[kwin]

Similar to what was done for Apache FileVault (https://issues.apache.org/jira/browse/JCRVLT-111) the ACTool should support the new org.apache.jackrabbit.api.security.authorization.PrincipalSetPolicy (introduced with Jackrabbit API 2.11.0). This new policy is used for Closed User Groups (CUGs) in AEM 6.3 (https://docs.adobe.com/docs/en/aem/6-3/administer/security/custom-user-groups.html#Apache%20Jackrabbit%20API and http://jackrabbit.apache.org/oak/docs/security/authorization/cug.html).

[kwin]

We should not implement that until we have a convincing use case for setting CUG ACEs with the ACTool.

[kwin]

This is related to #369