  1. Jackrabbit Oak
  2. OAK-7870

Reduce permission store lookups for empty principal sets

Details

    • Type: Improvement
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.10.0, 1.9.10
    • Component/s: core, security
    • Labels: None

    Description

      In the case of empty principal sets in the session (no user principals or no group principals in the session) it can happen that a check for read access will trigger a full traversal up the tree to the root node.

      Example: A session based on a principal set P = [u0, g0] (u0 is a user, g0 is a group) tries to load a path /p0/p1/p2/p3.
      The evaluation will be:

      • first the set P is split in 2 parts by users/groups (X set of user principals, Y set of group principals)
      • first for X (user principals), walk up the tree from the current path until there is a relevant entry (or root node)
      • if nothing was found try again with Y (group principals) up to a relevant entry or root node
      • if X or Y is empty the evaluation will use an empty flag in the PermissionEntryProviderImpl which will return empty lists.

      The trouble is that with an empty set X or Y there is not a clear distinction between 'no principals' and 'no entries', so it can happen that there is a traversal happening from the current path up to root. This can be bypassed by using a null PermissionEntryProvider instead of the empty version.

      The chances that this happens are pretty small, so I'm marking the issue as a trivial improvement.
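
The evaluation described above, as an added Java model that is not part of the original issue, the attached patch, or Oak's code. Every class and method name is hypothetical and the permission data is constructed; it counts store lookups when the user principal set is empty, once with an "empty" provider and once with null.

```java
import java.util.*;

// Simplified model of the evaluation described in this issue.
// All names are hypothetical stand-ins, not Oak's API; data is constructed.
public class EmptyPrincipalSetLookup {
    static int lookups = 0; // counts every (modelled) permission store lookup

    /** Stand-in for a permission entry provider bound to one principal set. */
    static class Provider {
        final Map<String, List<String>> entries; // path -> entries
        Provider(Map<String, List<String>> entries) { this.entries = entries; }
        List<String> get(String path) {
            lookups++;
            return entries.getOrDefault(path, Collections.emptyList());
        }
    }

    static String parent(String path) {
        int i = path.lastIndexOf('/');
        return i <= 0 ? "/" : path.substring(0, i);
    }

    /** Walk up from path until an entry is found or the root has been checked. */
    static String firstEntry(Provider p, String path) {
        if (p == null) return null; // null means "no principals": skip the walk
        for (String cur = path; ; cur = parent(cur)) {
            List<String> found = p.get(cur);
            if (!found.isEmpty()) return found.get(0);
            if (cur.equals("/")) return null;
        }
    }

    /** User principals first, then group principals, as in the description. */
    static String evaluate(Provider users, Provider groups, String path) {
        String entry = firstEntry(users, path);
        return entry != null ? entry : firstEntry(groups, path);
    }

    public static void main(String[] args) {
        String path = "/p0/p1/p2/p3";
        // Session with group g0 only: one group entry at /p0, no user principals.
        Provider groups = new Provider(Map.of("/p0", List.of("g0: allow read")));
        Provider emptyUsers = new Provider(Map.of()); // always returns empty lists

        lookups = 0;
        System.out.println(evaluate(emptyUsers, groups, path) + " | empty provider lookups: " + lookups);
        lookups = 0;
        System.out.println(evaluate(null, groups, path) + " | null provider lookups: " + lookups);
    }
}
```

Both runs return the same entry; the difference in the lookup count is the walk to the root that the empty provider cannot short-circuit.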

      Attachments

        1. OAK-7870.patch
          3 kB
          Alex Deparvu

          People

            stillalex Alex Deparvu
            stillalex Alex Deparvu