Fix: container owner should be able to add vault
    
    With recent change in DS (CVE fix), ds is not returging DuplicatedEntry
    error in case that user is not permitted by ACI to write, but ACIError instead.
    
    Is safe to ignore ACI error in container, because it will be raised
    again later if user has no access to container.
    
    https://fedorahosted.org/freeipa/ticket/6159
    
    Reviewed-By: Martin Basti <mbasti@redhat.com>