Bug 2526: default ALLOW when no list specified.

Bug 2526: default ALLOW when no list specified.

The expected behavior of ACL checking should cause an implicit default
deny state to be reached unless a terminating denial causes a state to
flip to allow.

A small logic flaw means that completely explicitly absent access control
list was flipped to ALLOW state.

It is believed that most security controls which have explicitly coded
defaults in ther configuration are not impacted by the bug or its fix.
Only empty delay pools and ICAP re*mods are expected to have any change
in behavior as a result.