The previous implementation didn't depend in any way on what object the
right was granted on, merely the membership of the group, and what
groups that group was in.  The correct implementation examines the
ObjectType and ObjectId parameters of the ACL table.  Specifically, it
returns groups which are the target of ACLs, which were granted by a
group, which the current user is a member of.  That is, groups which the
current user has a particular right on, as the name of the method
implies.

t/api/group-rights.t has been refactored to be more concise, and cover
all possibilities of where the ACL can be granted, and to what.
ForWhichCurrentUserHasRight now agrees with CurrentUserHasRight for all
cases.