implement <allow_any> to specify default answer for any user

implement <allow_any> to specify default answer for any user

This is useful in instances where the OS vendor wants to allow any
user, even remote users logging in via ssh etc., but recognize that
some sites may want to lock this down to a limited set of users.

Suggested by Daniel P. Berrange <berrange@redhat.com>:

<danpb>  my specific use case is that in libvirt we don't mind any user
         querying for VM status info by default
<danpb>  but some admins may wish to lock that ability down
<danpb>  so only designated users can query VM status
<davidz> right
<davidz> it makes sense
<davidz> without having giving it too much thought; adding another stanza to
         the .policy file might make sense
<davidz> <allow_non_session>yes</allow_non_session>
<davidz> danpb: would that work?
<danpb>  yeah, that'd do the trick
<davidz> cool
<davidz> I'll add it then