This adds a new method that capsulates the access check that has to be
done to decide if an admin plugin's page should be shown to the user.
The default implementation is the same as before, relying only on the
forAdminOnly() method and the users' isadmin or ismanager status.

Admin plugins themselves can override the method to do additional
checks. In this patch, I added that to the usermanager plugin which will
only return true if the current auth backend can list users.

However the real idea behind this change is that the new method emits a
new event called ADMINPLUGIN_ACCESS_CHECK which would allow plugins to
overwrite it. This way it could be possible to give certain user groups
access to certain admin plugins without giving them admin or manager
permissions.

Note: this does not change how the "Admin" link is shown, it still
depends on ismanager or isadmin. A plugin as mentioned above would need
to influence the display via the MENU_ITEMS_ASSEMBLY event.

Note: this only covers the basic access check. Admin plugins may need
further adjustments for access to other parts of the plugin (like AJAX
components). An additional commit will update this for the bundled
plugins.

Our minimum PHP version requirement is now over 5.3, so this workaround is
not needed anymore. See also c9454ee3

* Fixed identified issue with button spans by replacing missing closing span tag as identified by selfthinker, removed in ae614416.

* Changed the flow of the navigation button HTML so the navigation buttons actually flow to the right.

- replace PHP4 style class constructor function names (based on
  class name) with php 5 __construct()
Also remove some '&' reference operators used with objects
And add some object type hints

The user properties (login, real name, etc) where not properly escaped
in the user manager's edit form. This allowed a XSS attack on the
superuser by registered users.

Thanks to Filippo Cavallarin from www.segment.technology for discovering
this bug.

Since we cannot effectively filter for groups and have to work with
incremental prefetching, the ``last`` button is mostly broken/buggy.
Hence it is disabled in this usecase.

fixes possibility of a user password change being sent out when a password couldn't be/wasn't changed

compatibility with php 5.2.x (str_getcsv() is only available in
php 5.3+ and is used by user manager import feature.

- don't die at end of _export()
- internal classs wrapper method for is_uploaded_file() to allow
  overriding for use under cli & without having to upload a file

Some auth backend have bad cleaning, but that is responsibility of these.

Removed extraneous whitespace to eliminate errors reported by the
Squiz.WhiteSpace.SuperfluousWhitespace sniff.

Fix violations for Squiz.Commenting.DocCommentAlignment.SpaceBeforeTag

Conflicts:
	inc/parser/xhtml.php

Change indentation to ensure code confirms to CodeSniffer rules.

made necessary by PR#254 which adds content below these notes.