Use old ALLOW rules for host-based config
To simplify upgrading an existing HTCondor pool from 8.8 to 9.0, we will restore the 8.8 rules for the ALLOW/DENY security settings when the 'use SECURITY : HOST_BASED' metaknob is used. New installations in 9.0 will not set this metaknob, part of making them secure-by-default.
Some settings and behaviors in 8.8 can't be emulated via configuration alone; they require changes to the code. For these instances, we will add a new config knob that the HOST_BASED metaknob will set.
The new config knob will cause the following changes:
If a DAEMON-level ALLOW/DENY config parameter is not defined (or is empty), use the equivalent WRITE-level config parameter value.
This knob may also need to restore the 8.8 behavior where most empty ALLOW settings defaults to *.
… and a really silly logic error that we could have avoided by copying-and-pasting more code. Patch approved.