Force SessionHandler::$isACP to be false

Force SessionHandler::$isACP to be false

This causes the ACP to reuse the frontend session. This improves the user
experience for enabled multi-factor authentication, because the ACP will no
longer require both the password *and* an additional MFA code when the user's
web browser is already authenticated in the frontend.

Additionally it will allow to simplify the whole session handling logic, due to
the future removal of several code branches.

This removal of the branches is not yet done to keep this commit simple.

As of right now the ACP will have reduced security compared to the situation in
5.3, because no passwords will be asked either. This will also be fixed in a
future commit by using the reauthentication framework.