X-Gerrit-RunAs was broken with digest auth (which is used by the
acceptance tests), because its filter was installed before
RequireIdentifiedUserFilter. This would result in 403 before getting a
chance to 401 to complete the digest auth step. Fix this by moving the
RunAsFilter.Module into the appropriate place in UrlModule. This has
the additional effect of disabling the filter in slaves, but that's
fine, most URLs weren't mapped anyway.
Add a sanity check preventing RunAs from kicking in for anonymous
users. An admin who accidentally allows that has just given everyone
admin access to their server.
Add some tests to ImpersonationIT.
Change-Id: I11bbc0153e3d87b3a4161525daa62e811ea1119d
0a1762cfe7