DO NOT MERGE

Backport (with modifications ) some changes from Honeycomb, that would allow authenticators to control caching and permissions.

This is backward compatible - both new and old authenticators will work with old and new framework,
but the functionality will only be present if both sides support it.

Change-Id: Ib2838cc2159f45264b38c844cd4c1d6f315d8064