posix_acl_valid checks if an acl is valid.

It does this by traversing a simple state machine which insists that:
	ace's occur in the order
		USER_OBJ, USER, GROUP_OBJ, GROUP, MASK, OTHER;
	there is exactly one each of USER_OBJ, GROUP_OBJ, and OTHER;
	there is at most one MASK, and exactly one if there are any
		USER or GROUP aces; and
	USER and GROUP aces are sorted in order by their id's.

It also verifies that e_perm has only read, write, or execute bits set.