Licence: Provide CAF Login Exception

With the current AGPLv3 licence, someone who deploys a modified CAF
must make available their whole web application to all callers.  This
means that it is not possible to deploy a completely private web
application using CAF.

I don't think this is desirable.  My intention in using the AGPLv3 is
not to force everyone to publish their source code outside their user
community.  To put it another way: I want to flatten the power
relationship between a website's users and its operators.

But it is not my aim to undo the power imbalance between a website's
authorised users and other people on the internet.  Indeed such an
objective would be bizarre for a module whose function is to enforce
access control.

I do want to try to make it possible for authorised users of a
website, who don't like the decisions made by its operator, to set up
an instance of their own, with modifications to their own taste.

I'm therefore providing what I'm calling the "CAF Login Exception, v1"
as an Additional Permission (as contemplated by AGPLv3 s7).

I have also discussed this with my management at Citrix (since Citrix
is also a copyrightholder).  Permission was granted orally by my line
manager in an in-person coversation on Tuesday the 27th of October.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>