This change prepares the unit tests for when the ACI handler will get enabled by default.  Most of the failing tests are fixed by adding bypass-acl privilege to the entries of the users the failing tests bind as.

This change also includes an important fix to the server for operations carrying the proxied auth control.  The ACI check in the core operation is moved after the controls processing to ensure that the correct authorization user is picked up, and the ACI handler now gets the authorization user from the operation rather than the connection.