Support X-Gerrit-RunAs as a suexec on HTTP

If an HTTP request includes the header:

  X-Gerrit-RunAs: spearce

and is made by a user granted the runAs capability the request
will evaluate as though it was run by user "spearce", and not the
calling user. This roughly matches the behavior of suexec over SSH,
but for HTTP API requests.

The new header takes any specification for an account, accepting
Account.Id, email address, full name, or username.

Change-Id: Ieda546a0db7290e31a8941c1b761c219aa0b63f9

gerrit-common/src/main/java/com/google/gerrit/common/data/GlobalCapability.java

@@ -70,6 +70,9 @@ public class GlobalCapability {
   /** Maximum result limit per executed query. */
   public static final String QUERY_LIMIT = "queryLimit";
 
+  /** Ability to impersonate another user. */
+  public static final String RUN_AS = "runAs";
+
   /** Can run the Git garbage collection. */
   public static final String RUN_GC = "runGC";
 
@@ -103,6 +106,7 @@ public class GlobalCapability {
     NAMES_ALL.add(KILL_TASK);
     NAMES_ALL.add(PRIORITY);
     NAMES_ALL.add(QUERY_LIMIT);
+    NAMES_ALL.add(RUN_AS);
     NAMES_ALL.add(RUN_GC);
     NAMES_ALL.add(START_REPLICATION);
     NAMES_ALL.add(STREAM_EVENTS);