add max_sessions feature to access groups
it should be possible to configure max concurrent OTP-Sessions per access group. this could be used for e.g. roundcube to make an existing session. that exists because the user forgot logout (or because of a browser crash), obsolete so that it gets removed.