Make configuring security for AMQP federation user accounts simpler

When creating the user account used to restrict access when securing an AMQP federation account the currently implementation requires giving the federation overly broad access so that it can create control and event queues used for its internal mechanisms. We should make this easier and more narrow so that a federation user can be granted access to a more limited set of resources for internal federation mechanics besides access to those addresses and queues which will be targets of federation.