this subtasks goes along with
OAK-526: for efficient permission
evaluation the compiledpermission implementation should not attempt
to collect the relevant ac-content such as looked at and written by
the jcr ac-mgt implementation. instead it should make use of the
persisted effective permission for the dedicated set of principals
that forms the subject of a given contentsession.
- privileged access to the effective permission store (independent of
the content sessions permission)
- ability to read all required information from the target tree/property
that is passed to the hasPermission/canRead call.
- efficient handling of pluggable restrictions
- special handling for access control content an items residing inside
the version store.