Add group resolution from security context.

[Varbin]

To use the "new" method, set Config.ServerName to an empty string when Config.EnumerateGroups is set; to continue asking another server set Config.ServerName to a valid server name.

Closes #1.

The set of groups returned from the new method are quite different from the old one, but should roughly return the same results as whoami /groups:

• Deny only groups will not be returned. Such groups are "Administrators" and "Domain Admins". This might be unexpected - but the restricted tokens created by UAC are also used for network operations. Administrators can run the client software elevated to get "back" such groups.
• By contrast, groups added by e.g. PAM/MIM or AMA should now be properly included as well.
• Nested groups are properly resolved.

[quasoft]

Thanks for the contribution!

Will need some time to check it out.

[quasoft]

On second look it still looks pretty good. Thanks again for the excellent effort!

The token based enumeration is definitely the preferred way, so in a future major release will consider deprecating the ServerName config field and the GetUserGroups() func altogether.