Instead of authenticating Executor, authenticating AbstractProjects.

This is necessary because a part of the access control is determining which Executor can accept which Queue.Task, so we can't have the authenticator taking Executor as a parameter.

I briefly thought about changing ExecutorAuthenticator to authenticate Queue.SubTask, but doing this intelligently is very difficult as an authenticator wouldn't really be able to make any sensible decisions unless it checks for specific subtypes (think of the dist-fork plugin and the remote terminal access plugin that implements Queue.Task.) So I made the change to have it accept AbstractProject, which is really the primary use case anyway.

The relevant classes are renamed to better represent what it does now.