util/acct: implement a new hierarchical accounting system #398
This is a replacement for `util/user.[ch]`. It is written in Rust, but exposes a C API that can be used by dbus-broker.

The new accounting system uses the `acct_*` namespace to ease the transition and avoid naming conflicts. Furthermore, the system is written in Rust and relies on the new build-system support for Rust code (see #392).

Note that this is a single commit on top of #392. Once the Rust support is merged, this rebase is not necessary anymore. Also note that this only introduces the accounting system as an alternative; it does not disable the old one yet.
The accounting system works with the same algorithm as the previous flat-accounting model, but extends it to a 2-layered hierarchy. The algorithm is adapted to support an arbitrarily nested hierarchy, but the code will only expose 2 layers:

As before, all users are assigned a flat resource limit that they get full control over. But when user boundaries are crossed, a quota is applied to guarantee fair resource sharing. The algorithm used is still the `fairdist`, but the allocators were improved on.

Beneath the user quotas, a new layer is introduced. Rather than users claiming resources, now all operations originate from an `Actor`. These always operate on behalf of a user, but allow us to distinguish different actors of the same user. A new resource tracing system is now added, analogous to the user quotas. It operates above the quotas and ensures we can semi-protect individual actors of the same user (which was not possible before). We do not provide a fully fair policy on this level, however, since no privilege boundaries are crossed. Instead, this provides a semi-fair policy which is a lot more lenient, but still allows us to protect against failing clients.
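The two-layer model described above, as an added illustration that is not code from this PR or from dbus-broker: a charge issued by an actor must pass a check at every boundary it crosses (the user's flat limit, the strict quota across users, the lenient quota among the user's own actors) before any bookkeeping changes. The quota rule and the `lenience` parameter are assumptions made for this example, not the project's `fairdist` implementation.

```rust
/// Added example (not code from PR #398): a two-layer charge/release model
/// with the shape the PR describes. The quota rule is an assumption for
/// illustration, not the project's fairdist implementation.

#[derive(Debug, PartialEq)]
pub enum AcctError {
    Limit, // the user's flat resource limit would be exceeded
    Quota, // a fair-share quota at a crossed boundary would be exceeded
}

/// A pool of resources shared by `members` (users under the bus, or actors
/// under one user). `lenience` of 1 is the strict fair policy applied across
/// user boundaries; a larger value is the more lenient policy between actors
/// of the same user (assumed parameterisation).
pub struct Pool { pub limit: u64, pub used: u64, pub members: u64, pub lenience: u64 }

impl Pool {
    fn free(&self) -> u64 { self.limit - self.used }

    /// A member already holding `share` may take `charge` more only if its
    /// new share stays within `lenience * (free - charge) / (members + 1)`,
    /// which always keeps a reserve for one additional member.
    fn check(&self, share: u64, charge: u64) -> Result<(), AcctError> {
        if charge > self.free() { return Err(AcctError::Quota); }
        let quota = self.lenience * (self.free() - charge) / (self.members + 1);
        if share + charge > quota { Err(AcctError::Quota) } else { Ok(()) }
    }
}

pub struct Bus { pub pool: Pool }   // layer 1: shared by all users
pub struct User { pub pool: Pool }  // layer 2: the user's allocation, shared by its actors
pub struct Actor { pub held: u64 }

/// Charge `n` on behalf of `actor` (which belongs to `user`). Every layer the
/// charge crosses is checked first; state changes only if all checks pass.
pub fn charge(bus: &mut Bus, user: &mut User, actor: &mut Actor, n: u64) -> Result<(), AcctError> {
    if user.pool.used + n > user.pool.limit { return Err(AcctError::Limit); } // flat user limit
    bus.pool.check(user.pool.used, n)?; // user boundary crossed: strict fair quota
    user.pool.check(actor.held, n)?;    // actor boundary within the user: lenient quota
    bus.pool.used += n;
    user.pool.used += n;
    actor.held += n;
    Ok(())
}

/// Release `n` previously charged through `charge`; refunds every layer.
pub fn release(bus: &mut Bus, user: &mut User, actor: &mut Actor, n: u64) {
    assert!(n <= actor.held, "releasing more than this actor holds");
    bus.pool.used -= n;
    user.pool.used -= n;
    actor.held -= n;
}
```

With two actors under one user, the actor-level check stops the first actor before it can consume the user's whole allocation, while the flat limit still bounds the user as a whole.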