
Access Control Lists (ACL) are stored
as a perl string (database blob).
The strings are packed sequences of network-order shorts.  
First a flag then a userid.  Repeat as needed.

Users may belong to multiple groups.  The group
number zero is special, meaning everyone.  The group
of one is special, meaning administrators.  The userid of
zero in ACL lists is special, referng to the branch owner.

ACL are kept for comments and branches.
Only btime records with null timestamp have valid ACL.
The branch ACL is file specific.
The comment ACL is chosen randomly from one of the
files, but for nearly every commit, all files have
the same ACL anyway.

The dirent table has an acl parameter.  The parameter
is only valid for dirent file_id without revisions.

New files and directories get their ACL from their parent directory.  
New branches get their ACL from the brach they branch from.

The bits of the flag short....  (from access_html.pm)
     0x0004 => [ "visible", "Can see file exists"],
     0x0008 => [ "read-f",  "Can read file text/diffs (this branch)"],
     0x0020 => [ "delete-f","Can delete file (all revisions)"],
     0x0010 => [ "commit",  "Can check-in this branch"],
     0x0020 => [ "read-c",  "Can read comment"],
     0x0040 => [ "edit-c",  "Can edit the comment"],
     0x0080 => [ "append-c","Can append to the comment"],
     0x0100 => [ "edit-p",  "Can change access permissions"],
     0x0200 => [ "read-p",  "Can read access permissions"],
     0x0400 => [ "create-b","Can create a branch"],
     0x0800 => [ "delete-b","Can delete branch"],
     0x1000 => [ "create-t","Can create tag"],
     0x2000 => [ "delete-t","Can delete a tag"],
     0x4000 => [ "move-t",  "Can move a tag"],








