Document (from my guess of why we have this behavior) why we have such a
patch, also cover our expected behavior in a minimal test.

Keep refusing methods ending in __roles__, so that we can run original
AccessControl test suite, also because it seems safer and because
allowing or not to define methods ending in __roles__ should not affect
our cases.