We tack these onto the tests from bug 812415, adding coverage for
nsExpandedPrincipal and making sure that the waivers are deep.
We also take the opportunity to check the asymmetric security
relationship between a principal and its corresponding nsEP.