* src/oddjob_dbus.c,src/oddjobd.c: reorder so that PolicyKit checks
happen last, and track whether it's a "for-real" vs. "for-example"
authz check, so that we only revoke one-shot authorizations if we
actually mean to do so.
* src/oddjobd.conf.5.in: add an example of using a PolicyKit
authorization in an ACL.