[krbdev.mit.edu #7939] kadm5.acl docs wrongly imply that list permission can have a target

Greg Hudson via RT rt-comment at krbdev.mit.edu
Mon Jun 9 16:07:46 EDT 2014


In kadm5.acl, list permission is all or nothing.  The only RPCs which use 
it, get_princs and get_pols, do not pass a principal argument since their 
only parameter is a pattern, not a principal name.

However, kadm5_acl.rst contains two example lines granting list 
permissions to specific target principals, and narratively explains them 
as doing so.  The examples should be changed and we should explicitly 
state that only global list permission can be granted.

Alternatively, we could change the behavior, but that would be tricky 
since we shouldn't treat the get_princs pattern as a principal.  We would 
have to check whether the kadmin client has list privileges for any 
target principal, then check each matching principal against the ACL 
target.



More information about the krb5-bugs mailing list