61913b8 sudo: solve problems with fully qualified names

4 files Authored by pbrezina 7 years ago, Committed by jhrozek 7 years ago,
    sudo: solve problems with fully qualified names
    
    sudo expects the same name in sudo rule as login name. Therefore
    if fully qualified name is used or even enforced by setting
    use_fully_qualified_names to true or by forcing default domain
    with default_domain_suffix sssd is able to correctly return the
    rules but sudo can't match the user with content of sudoUser
    attribute since it is not qualified.
    
    This patch changes the rules on the fly to avoid using names at all.
    We do this in two steps:
    1. We fetch all rules that match current user name, id or groups and
       replace sudoUser attribute with sudoUser: #uid.
    2. We fetch complementary rules that contain netgroups since it is
       expected we don't have information about existing netgroups in
       cache, sudo still needs to evaluate it for us if needed.
    
    This patch also removes test for sysdb_get_sudo_filter since it wasn't
    sufficient anyway and I did not rewrite it since I don't think it
    is a good thing to have filter tests that depend on exact filter
    order.
    
    Resolves:
    https://fedorahosted.org/sssd/ticket/2919
    
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
    
        
file modified
+118 -67
file modified
+21 -0
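
The two-step rewrite described in the commit message, modelled in Python as an added illustration; this is not SSSD's code (SSSD is written in C). The rule dictionaries, the `USER` record, the `example.test` domain and all function names are constructed for this sketch, and only the sudoUser forms the message names (name, `#uid`, `%group`, `%#gid`, `+netgroup`) are handled.

```python
# Constructed sample data: a user who logs in with a fully qualified name.
USER = {"names": {"alice", "alice@example.test"}, "uid": 1000,
        "groups": {"admins"}, "gids": {2000}}
RULES = [
    {"cn": "by-name", "sudoUser": ["alice"], "sudoCommand": ["ALL"]},
    {"cn": "by-group", "sudoUser": ["%admins"], "sudoCommand": ["/usr/bin/id"]},
    {"cn": "by-netgroup", "sudoUser": ["+ops"], "sudoCommand": ["/usr/bin/ls"]},
    {"cn": "other", "sudoUser": ["bob"], "sudoCommand": ["ALL"]},
]


def value_matches(value, user):
    """True if one sudoUser value names this user by name, uid or group."""
    if value.startswith("+"):
        return False  # netgroup: cannot be resolved here, see step 2
    if value.startswith("%#"):
        return value[2:].isdigit() and int(value[2:]) in user["gids"]
    if value.startswith("%"):
        return value[1:] in user["groups"]
    if value.startswith("#"):
        return value[1:].isdigit() and int(value[1:]) == user["uid"]
    return value in user["names"]  # short or fully qualified form


def rules_for_user(rules, user):
    """Return the rules handed to sudo, rewritten as the commit describes."""
    out = []
    for rule in rules:
        values = rule["sudoUser"]
        if any(value_matches(v, user) for v in values):
            # Step 1: the rule applies, so replace sudoUser with '#uid'.
            out.append({**rule, "sudoUser": ["#%d" % user["uid"]]})
        elif any(v.startswith("+") for v in values):
            # Step 2: netgroup rules pass through for sudo to evaluate.
            out.append(rule)
    return out


def sudo_side_match(rule, login, uid):
    """Simplified stand-in for sudo comparing sudoUser to the login or uid."""
    return any(v == login or v == "#%d" % uid for v in rule["sudoUser"])


if __name__ == "__main__":
    for r in rules_for_user(RULES, USER):
        print(r["cn"], r["sudoUser"],
              sudo_side_match(r, "alice@example.test", USER["uid"]))
```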