For security reasons, we run the C-compiler in a sandbox process
which by default uses the same (non-)privileges as the other sandboxes
(VCL compiler, test-loader process and the worker process).

On some systems access to the C-compiler is limited, also for reasons
of security, and varnishd will fail to compile VCL code, unless all
the sandboxes are given access to the C-compiler.

Add a new parameter "group_cc" which adds a single gid to the grouplist
of the sandbox which executes the cc_command, for the benefit of such
systems.

Do some slightly related polishing of the docs/help-texts in this area
while here anyway.

Fixes #1521