Allow explicit definition of ACL evaluation combinator.

[amcgregor]

Defaults to first-matching, should be an option to require all.

Problematic sample case:

@when(when.authenticated)
class Example:
	@when(when.administrative)
	def example(self): pass

The expectation would be that /example is more secure than /, but when.authenticated always returns an authoritative (non-None) answer. This short-circuits further evaluation, forcing the explicit use of inherit=False.

Alternatively: evaluate how rules are nested and evaluated. Should we reverse the order of evaluation, to deepest-first?