High: fencer: restrict certain IPC requests to privileged users

Description

This is a partial fix (along with two previous commits) for CVE-2020-25654.

The fencer IPC API allows clients to register fence devices.

If ACLs are enabled, this could allow an ACL-restricted user to bypass ACLs to
configure fencing. If the user is able to install executables to the standard
fencing agent locations, they could have arbitrary code executed as root (the standard
locations generally require root for write access, so that is unlikely to be an
issue).

If ACLs are not enabled, users in the haclient group have full access to the
CIB, which already gives them these capabilities, so there is no additional
exposure in that case.

This commit does not restrict unprivileged users from using other fencing API,
such as requesting actual fencing.

Details

Provenance
kgaillot authored on Oct 9 2020, 12:55 PM
Parents
rP83c6d555df9d: High: pacemakerd: ignore shutdown requests from unprivileged users