mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 22:45:39 +00:00

Integrate extended ACLs syntax featuring 'port' and 'transport' opts

This commit completes the integration of the new, extended ACL syntax
featuring 'port' and 'transport' options.

The runtime presentation and ACL loading code are extended to allow
the syntax to be used beyond the 'allow-transfer' option (e.g. in
'acl' definitions and other 'allow-*' options) and can be used to
ultimately extend the ACL support with transport-only
ACLs (e.g. 'transport-acl tls-acl port 853 transport tls'). But, due
to the fundamental nature of such a change, it has not been completed as a
part of the 9.17.X release series, due to it being close to 9.18 stable
release status. That means that we do not have enough time to fully
test it.

The complete integration is planned as a part of 9.19.X release
series.

The code was manually verified to work as expected by temporarily
enabling the extended syntax for 'acl' statements and 'allow-query'
options, including ACL merging and negated ACLs.
Artem Boldariev
2021-11-12 16:53:13 +02:00
parent af2d065c21
commit 0ee6f66cbd
4 changed files with 241 additions and 4 deletions


@@ -2553,6 +2553,7 @@ ns_client_checkaclsilent(ns_client_t *client, isc_netaddr_t *netaddr,
dns_aclenv_t *env = client->manager->aclenv;
isc_netaddr_t tmpnetaddr;
int match;
isc_sockaddr_t local;
if (acl == NULL) {
if (default_allow) {
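Review bot: the new `isc_sockaddr_t local;` is declared at function scope but is only assigned and used at the match site further down; a more descriptive name such as `localaddr`, or a short comment noting it holds the listener-side address whose port feeds the extended ACL match, would make the purpose clear to readers of this declaration block, since only its port is ever consumed.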
@@ -2567,7 +2568,13 @@ ns_client_checkaclsilent(ns_client_t *client, isc_netaddr_t *netaddr,
netaddr = &tmpnetaddr;
}
result = dns_acl_match(netaddr, client->signer, acl, env, &match, NULL);
local = isc_nmhandle_localaddr(client->handle);
result = dns_acl_match_port_transport(
netaddr, isc_sockaddr_getport(&local),
isc_nm_socket_type(client->handle),
isc_nm_has_encryption(client->handle), client->signer, acl, env,
&match, NULL);
if (result != ISC_R_SUCCESS) {
goto deny; /* Internal error, already logged. */
}
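Review bot: every ACL check in `ns_client_checkaclsilent` now goes through `dns_acl_match_port_transport` instead of `dns_acl_match`, so ACLs that carry no 'port' or 'transport' entries must behave exactly as before; given the commit message says this was only manually verified and that there was not enough time to fully test it before 9.18, a unit test exercising the plain address/key path of this call (the common case for every 'allow-*' option) would be worth adding before merge. Also confirm that `dns_acl_match_port_transport` logs on failure, since the retained `goto deny; /* Internal error, already logged. */` comment assumes the callee has done so.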