The Zope security policy now raises Unauthorized for all denied
access.  This is designed to make it easier to diagnose problems in
security settings, since the Unauthorized error will propagate to
something that can display or log the error.

All 2000+ of the Zope unit tests pass with this change, but I suspect
there may be code that expects the security policy to return 0 instead
of raising Unauthorized.  If any severe issues surface, we can revert
this change.