Align behavior with objects raising in __getattr__

[perrinjerome]

The observed problem was a behavior different between C and python
implementation on python 3, happening with Zope python script. When the
context can not be accessed by the current user, Zope binds a
Shared.DC.Scripts.Bindings.UnauthorizedBinding, a class that raises an
Unauthorized error when the context is actually accessed, in order to
postpone the Unauthorized if something is actually accessed. This class
does implements this by raising Unauthorized in __getattr__.

The python implementation of rolesForPermissionOn used hasattr and
hasattr has changed between python2 and python3, on python2 it was
ignoring all exceptions, including potential Unauthorized errors and
just returning False, but on python3 these errors are now raised.
This change of behavior of python causes rolesForPermissionOn to
behave differently: when using python implementation on python2 or when
using C implementation, such Unauthorized errors were gracefully handled
and caused checkPermission to return False, but on python3 the
Unauthorized is raised.

The C implementation of rolesForPermissionOn uses a construct
equivalent to the python2 version of hasattr. For consistency - and
because ignoring errors is usually not good - we also want to change it
to be have like the python3 implementation.

This change make this scenario behave the same between python and C
implementations:

• Unauthorized errors raised in __getattr__ are supported on py3.
• Other errors than AttributeError and Unauthorized raised in
  __getattr__ are no longer ignored in the C implementation.

[perrinjerome]

Some more notes:

• guarded_getattr also has the same logic of explicitly tolerating Unauthorized errors

  AccessControl/src/AccessControl/ZopeGuards.py

  Lines 68 to 73 in 27d88c4

  	def guarded_hasattr(object, name):
  	try:
  	guarded_getattr(object, name)
  	except (AttributeError, Unauthorized, TypeError):
  	return 0
  	return 1

• The test reproduces a simplified version of the problem I described, it happens when calling a zope python script with proxy role, when running with security manager with "ownerous" set to false. By defining __ac_local_roles__ = {} like in the test class, it uses the same code path.
• In production the problem I observed is probably a rare case, but it seemed OK to make the code python3 implementation behaves same as python2 and C regarding this.

[dataflake]

I can't claim to understand the implications 100% but it looks like a sensible change.

[perrinjerome]

I have updated the changes here to make the C implementation behave same as the python3 implementation: only AttributeError and Unauthorized exceptions are allowed when getting the permission attribute on objects and other exceptions are re-raised. I have also adjusted the commit message of the commit changing the behavior of __getattr__ to describe the behavior.

For the testing, I have changed the test of PermissionRole to test both the python and C implementations and implemented some more low level tests there. This is another seperate preparatory commit.