Don't display the AMI ALL class authorization for users if they don't have it

When converting AMI class authorizations to a string representation, the
method always appends the ALL class authorization. This is especially
important for events, as they should always communicate that class
authorization - even if the event itself does not specify ALL as a class
authorization for itself. (Events have always assumed that the ALL class
authorization is implied when they are raised)

Unfortunately, this did mean that specifying a user with restricted class
authorizations would show up in the 'manager show user' CLI command as
having the ALL class authorization.

Rather then modifying the existing string manipulation function, this patch
adds a function that will only return a string if the field being compared
explicitly matches class authorization field it is being compared against.
This prevents ALL from being returned unless it is actually specified for
the user.

(closes issue ASTERISK-20397)
Reported by: Johan Wilfer
........

Merged revisions 381939 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 381943 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@381949 65c4cc65-6c06-0410-ace0-fbb531ad65f3