Improve the built-in access checks for sesman/sesexec:-
- Group existence is checked for at login-time rather than program
start time
- The name of the group is now included in the message
Also, check for UID == 0 when checking for root, rather than just
checking the name (which might be an alias)
cf5c2718af