Support for dynamic ACLs from VMODs and other related topics

[nigoroll]

This ticket is to ask for comments, feedback and suggestions before starting a PR:

I could not help but write a vmod to support dynamic ACLs because of a stackoverflow post which triggered my buttons.
Doing so I noticed that we lack support in Varnish-Cache to do this properly:

• typedef acl_match_f and struct vrt_acl could probably be moved to vrt.h
• vss.h could probably be added to the installed headers?
• To properly support anything but vcc-compiled acls, struct vrt_acl should gain a void *priv pointer member to be passed as an argument to acl_match_f - or we could pass to acl_match_f all of the struct vrt_acl *.
• Maybe for later: As with other types, we have a scope/lifetime issue here in particular. For example, how could a vmod prolong the lifetime of a VCL_ACL from task to vcl scope? As the acl implementation is arbitraty, I guess we might want to move the name and match members of struct vrt_acl to a struct vrt_acl_methods, which could also gain something like a struct vrt_acl *extend(struct vrt_acl *, enum scope) callback which to return a clone with an extended lifetime.