mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

author neil_a_wilson <neil_a_wilson@localhost>
Saturday, March 17, 2007 23:29 +0100
committer neil_a_wilson <neil_a_wilson@localhost>
Saturday, March 17, 2007 23:29 +0100
commit c462bf01d4cc35d6da8cd20da193e60f5df71bd3
tree 2ddd116e50f1f1cd884c482f15c1ab05eafc6fbe
parent 9010e77d3ef42effd5ec14fe5001e45064203e3e
Update the dseecompat access control implementation to provide a mechanism for
detecting and warning administrators about the use of non-canonical hostnames
in the "dns" bind rule. The dns bind rule requires that all addresses be
provided in canonical form or they will not match the intended target.

This change also includes special handling for the "localhost" name. In the
event that it does not match its canonical representation, then the
corresponding rule will automatically allow the canonical name as well. This
may be needed in some environments because the canonical hostname for the
loopback address may be something else, like "localhost.localdomain", and the
hostname "localhost" is likely to appear more commonly than other kinds of
hostnames.

With these changes, a number of reported mysterious ACI failures should go away
and the AciTests should now pass cleanly.

OpenDS Issue Number: 1385
2 files modified, 119 lines changed
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciMessages.java | 50
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/DNS.java | 69
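
The check described in the commit message, as an added example; it is not the code from this commit, whose diff is not shown on this page. The class and method names are hypothetical, the resolver table in `main` is constructed so the demo runs offline, and skipping wildcard patterns is an assumption.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.function.UnaryOperator;

public class DnsBindRuleCheck {
    // Canonical name from the JVM resolver, or null if the name does not resolve.
    // getCanonicalHostName() returns the IP literal when no reverse mapping exists.
    static String resolveCanonical(String host) {
        try {
            return InetAddress.getByName(host).getCanonicalHostName();
        } catch (UnknownHostException e) {
            return null;
        }
    }

    // Returns the names the rule should match. Non-canonical names produce a warning;
    // only "localhost" gets its canonical form added automatically.
    static List<String> effectiveHosts(List<String> ruleHosts,
            UnaryOperator<String> canonical, List<String> warnings) {
        List<String> effective = new ArrayList<>();
        for (String host : ruleHosts) {
            effective.add(host);
            if (host.contains("*")) continue; // assumption: wildcards cannot be resolved
            String canon = canonical.apply(host);
            if (canon == null) {
                warnings.add("'" + host + "' does not resolve; canonical form unknown");
            } else if (!canon.equalsIgnoreCase(host)) {
                if (host.equalsIgnoreCase("localhost")) {
                    effective.add(canon); // also allow e.g. localhost.localdomain
                } else {
                    warnings.add("'" + host + "' is not canonical; use '" + canon + "'");
                }
            }
        }
        return effective;
    }

    public static void main(String[] args) {
        // Constructed resolver table; pass DnsBindRuleCheck::resolveCanonical for real lookups.
        Map<String, String> table = Map.of("localhost", "localhost.localdomain",
                "ldap", "ldap.example.com", "ldap.example.com", "ldap.example.com");
        List<String> warnings = new ArrayList<>();
        List<String> hosts = effectiveHosts(
                List.of("localhost", "ldap", "ldap.example.com", "*.example.com"),
                table::get, warnings);
        System.out.println("effective: " + hosts);
        warnings.forEach(w -> System.out.println("warning: " + w));
    }
}
```

Running the same check against the server's real resolver at ACI load time surfaces rules that would otherwise silently fail to match the intended client.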