auth: print permissions for @ALL also

I don't have a use for "@ALL" at all (pun not intended!) other than the
"testing" repo, but <teemu dot matilainen at iki dot fi> sent in a patch
to mark those repos with "R" and "W" in the permissions list, and I
started thinking about it.

This could actually be useful if we *differentiated* such access from
normal (explicit username) access.  From the "corporate environment"
angle, it would be nice if a project manager could quickly check if any
of his projects have erroneously been made accessible by @ALL.

So what we do now is print "@" in the corresponding column if "@ALL" has
the corresponding access.

Also, when someone has access both as himself *and* via @ALL, we print
the "@"; printing the "R" or "W" would hide the "@", and wouldn't
correctly satisfy the use case described above.

update hook: 'sub check_ref' to prepare for rebel+

factor out the code to check $ref into a sub; will help rebel+, which
wants (horrors!) to restrict based on PATH names too!

new program for emergency addkey; run without args for usage

doc/src: major doc/help text revamp

also removed some dead code from compile (pre PTA days)

auth, doc/3: print useful information when no command given

Merge branch 'system-install'

Merge branch 'easy-install'

easy install: non std git location needs fix in easy install also

Merge branch 'master' into delegation

compile+conf: allow lists (@listname) for reponames too

why should just usernames have all the fun :)  The "expand_userlist" function
is now "expand_list" and serves generically.  The example conf has also been
updated correspondingly