Simplify the setup and injection of DomainExtensionRules for SessionDelegation

The SessionDelegation feature (see REPO-669) uses rather complex and confusing logic for setting up and 'injecting' facet rule extensions on top of the existing facet rules of a user. Which logic and usage is spread across several methods in several classes (SessionHelperImpl, HippoAccessManager, AuthorizationQuery) and requires an additional 'helper' FacetRuleExtensionsPrincipal for 'injecting' the (not yet applied) facet rule extensions into the new delegated session. 

After thorough analysis of that logic it became clear this can be done much simpler and straightforward, and all in one place (within SessionHelperImpl), by just replacing the existing FacetAuthDomains for the target delegated session with reconstructed ones which already has all the facet rule extensions applied upfront, and thereby cleaning up and removing the confusing logic and collaboration with and within the HippoAccessManager. 

After this straightforward and actually pretty trivial refactoring (the logic to apply the extensions is and was really simple, just confusing to read before), the HippoAccessManager no longer is and needs to be aware at all of this feature.

I've verified everything still works as expected (and all tests pass), and as result we also no longer need the weird FacetRuleExtensionsPrincipal.