JDK-8046130 : JEP 140: Limited doPrivileged
  • Type: JEP
  • Component: security-libs
  • Priority: P4
  • Status: Closed
  • Resolution: Delivered
  • Fix Versions: 8
  • Submitted: 2011-08-25
  • Updated: 2014-07-10
  • Resolved: 2014-07-10
Description
Summary
-------

Enable code to assert a subset of its privileges without otherwise preventing
the full access-control stack walk to check for other permissions.


Motivation
----------

This is useful when code needs to assert only a few specific permissions on
behalf of its callers while every other permission check continues to walk
the full stack.


Description
-----------

Add a `java.security.AccessController.doPrivileged` method that takes a
permission argument.

For example, some bootstrap JRE code could assert a privilege to GET a
configuration file via http:

    AccessController.doPrivileged(anon class...,
                                  new URLPermission(url,
                                                    request props ...,
                                                    "GET") ...

A `checkPermission()` for a matching `URLPermission` (done by the `http`
handler) would stop walking the access-control context (acc) stack at that
`doPrivileged()` invocation and succeed.  A check for a non-matching
`URLPermission` or some other permission, however, would match the JRE class's
generally assigned privileges and continue walking the full acc stack as if the
limited `doPrivileged()` had not been invoked.

These limited privileges are also captured by `getAccessControlContext()` and
by thread inheritance.
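As an added illustration (not part of the JEP text), the Java program below exercises the delivered API, `AccessController.doPrivileged(PrivilegedAction, AccessControlContext, Permission...)`, with a constructed no-permission domain standing in for an untrusted caller: a check for the asserted permission succeeds at the limited frame, a check for any other permission walks past it and is denied at the untrusted frame, and the classic `doPrivileged` is shown beside it shielding every check. It assumes a JDK whose permission stack walk is still enforced (JDK 8, this JEP's target); the class, domain, policy and permission names are the example's own.

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.PropertyPermission;

public class LimitedPrivilegeDemo {
    // Constructed stand-in for an untrusted caller below us on the stack: a
    // static domain that grants nothing, so any walk that reaches it fails.
    static final AccessControlContext UNTRUSTED = new AccessControlContext(
        new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });
    static final Permission READ_HOME = new PropertyPermission("user.home", "read");
    static final Permission READ_DIR  = new PropertyPermission("user.dir", "read");

    // Action that reports whether checkPermission(p) passes where it runs.
    static PrivilegedAction<Boolean> probe(Permission p) {
        return () -> {
            try { AccessController.checkPermission(p); return true; }
            catch (AccessControlException e) { return false; }
        };
    }

    // Limited doPrivileged: only READ_HOME is asserted at this frame; any other
    // check keeps walking down to the UNTRUSTED frame and is denied there.
    static boolean limitedCheck(Permission p) {
        return AccessController.doPrivileged((PrivilegedAction<Boolean>) () ->
            AccessController.doPrivileged(probe(p), null, READ_HOME), UNTRUSTED);
    }

    // Classic doPrivileged: the walk stops here for every permission, so the
    // untrusted caller is shielded from all checks, not just the one intended.
    static boolean fullCheck(Permission p) {
        return AccessController.doPrivileged((PrivilegedAction<Boolean>) () ->
            AccessController.doPrivileged(probe(p)), UNTRUSTED);
    }

    public static void main(String[] args) {
        // Grant this class's own domain everything, so outcomes depend only on
        // what each doPrivileged asserts (a demo policy, not a deployment one).
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.out.println("limited, matching:     " + limitedCheck(READ_HOME));
        System.out.println("limited, non-matching: " + limitedCheck(READ_DIR));
        System.out.println("full, non-matching:    " + fullCheck(READ_DIR));
    }
}
```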