* sec_auth.cc (get_token_group_sidlist): Add CONSOLE LOGON SID on

systems supporting it.  Never add SERVICE SID but keep code in for
	future reference.  Explain why.
	(get_priv_list): Add cygpsid pointer parameter.  Point it to the
	mandatory integrity SID which matches account and privileges.
	(create_token): Fetch mandatory integrity SID from call to
	get_priv_list.
	(lsaauth): Call get_priv_list with additional NULL pointer.  Change
	comment accordingly.
	* sec_helper.cc (well_known_console_logon_sid): New static SID.
	(cygpriv): Change to structure containing extra flag to store info
	about required integrity level.
	(privilege_luid): Accommodate changes to cygpriv.  Return integrity
	level in new high_integrity parameter.
	(privilege_name): Accommodate changes to cygpriv.
	(set_privilege): Drop trailing \n from debug output.
	(set_cygwin_privileges): Don't set SE_CREATE_GLOBAL_PRIVILEGE anymore
	since it's just not needed, but keep code in for future reference.
	Change comment accordingly.
	* security.h (well_known_console_logon_sid): Declare.
	(privilege_luid): Align declaration to above change.
	* wincap.h (wincaps::has_console_logon_sid): New element.
	* wincap.cc: Implement above element throughout.

winsup/cygwin/security.h

@@ -330,6 +330,7 @@ public:
 extern cygpsid well_known_null_sid;
 extern cygpsid well_known_world_sid;
 extern cygpsid well_known_local_sid;
+extern cygpsid well_known_console_logon_sid;
 extern cygpsid well_known_creator_owner_sid;
 extern cygpsid well_known_creator_group_sid;
 extern cygpsid well_known_dialup_sid;
@@ -349,7 +350,7 @@ extern cygpsid mandatory_high_integrity_sid;
 extern cygpsid mandatory_system_integrity_sid;
 extern cygpsid well_known_samba_unix_user_fake_sid;
 
-bool privilege_luid (const PWCHAR pname, LUID *luid);
+bool privilege_luid (const PWCHAR pname, LUID &luid, bool &high_integrity);
 
 inline BOOL
 well_known_sid_type (SID_NAME_USE type)