Netcentric / accesscontroltool

Rights and roles management for AEM made easy
Eclipse Public License 1.0

Allow to set distinct authorizable ids and principal names for users/groups being created #189

Open kwin opened 7 years ago

kwin commented 7 years ago

Currently, AC Tools always assumes that the authorizable id is equal to the principal name. Jackrabbit does not enforce this equality. In fact, Oak uses different authorizable ids and principal names for groups created from LDAP. Therefore, I would propose the following changes:

  1. Clarify in the documentation that the entry value for the group configuration (https://github.com/Netcentric/accesscontroltool/blob/develop/docs/Configuration.md#configuration-of-groups) and user configuration (https://github.com/Netcentric/accesscontroltool/blob/develop/docs/Configuration.md#configuration-of-users) refers to authorizable ids.
  2. Clarify that the ACE section (https://github.com/Netcentric/accesscontroltool/blob/develop/docs/Configuration.md#configuration-of-aces) refers to principal names (which are usually equal to the authorizable ids).
  3. Optionally allow specifying a dedicated rep:principalName property for both groups and users, and setting it accordingly when the YAML is processed.

ghenzler commented 7 years ago

Points 1. and 2. are done (documentation).

@kwin Can you think of a real-world use case for 3.? (LDAP and other externalIds are already covered by the externalId setting...)