  1. [Read Only] - Hippo Repository
  2. REPO-669

Add possibility to delegate credentials of one session to another

Details

    Description

      With the added possibility of specifying additional run-time domain rule extensions.

      The direct use case is to prevent CMS users who are not allowed to see certain (embargoed) documents from seeing those documents via the CMS preview, which is rendered with a dedicated HST preview user. The proposed solution is to deny the basic preview user all access except to purely public, non-embargoed documents. Then, to allow CMS users who have privileges on embargoed documents to preview them, we need a preview session whose privileges are a combination of those of the CMS user and those of the preview user.

      We achieve this by creating a new session from the preview session that has cms user privileges delegated to it: previewSession.createSecurityDelegate(cmsSession).

      However, because the CMS user can also see live documents, the template composer would then show the live version instead of the preview version (live/preview selection is done using access rules). This means that, in addition to credential delegation, we need a way to augment the existing domain rules programmatically (i.e. add extra facet rules).
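
The access semantics described above, as an added Python model that is not Hippo Repository code: a delegated session holds the union of both sessions' domain rules, and an extension adds facet rules to the delegated ones. The class names, rule names, the shape of the `extensions` mapping and the sample documents are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Doc:
    name: str
    embargoed: bool
    availability: str  # "live" or "preview"

@dataclass(frozen=True)
class DomainRule:
    name: str
    facets: tuple  # ((facet, required value), ...); ALL must match

    def matches(self, doc):
        return all(getattr(doc, facet) == value for facet, value in self.facets)

@dataclass(frozen=True)
class Session:
    user: str
    rules: tuple  # ANY matching domain rule grants read access

    def can_read(self, doc):
        return any(rule.matches(doc) for rule in self.rules)

    def create_security_delegate(self, other, extensions=None):
        # Model only: union of both rule sets. `extensions` (assumed shape:
        # rule name -> extra facet rules) narrows the rules taken from `other`.
        extensions = extensions or {}
        delegated = tuple(
            DomainRule(r.name, r.facets + tuple(extensions.get(r.name, ())))
            for r in other.rules)
        return Session(f"{self.user}+{other.user}", self.rules + delegated)

# Constructed sample data, not taken from a real repository.
DOCS = (Doc("news", False, "live"), Doc("news", False, "preview"),
        Doc("report", True, "preview"))
preview_session = Session("preview", (DomainRule(
    "public-preview", (("embargoed", False), ("availability", "preview"))),))
editor_session = Session("editor", (DomainRule("cms-read", ()),))  # may read embargoed
author_session = Session("author", (DomainRule("cms-read", (("embargoed", False),)),))
PREVIEW_ONLY = {"cms-read": (("availability", "preview"),)}

def visible(session):
    return [f"{d.name}:{d.availability}" for d in DOCS if session.can_read(d)]

if __name__ == "__main__":
    print(visible(preview_session))
    print(visible(preview_session.create_security_delegate(editor_session)))
    print(visible(preview_session.create_security_delegate(editor_session, PREVIEW_ONLY)))
    print(visible(preview_session.create_security_delegate(author_session, PREVIEW_ONLY)))
```

Without the extension the delegated editor session also matches the live variant, which is the template composer problem the description raises; with it, only preview variants remain readable, and the author without embargo privileges still cannot read the embargoed document.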

            People

              jsheriff Junaidh Kadhar Sheriff
              uhommes Unico Hommes (Inactive)