Improve sudorule documentation

Added brief explanations for the various Sudo components in the
top level doc.  Added doc entries for RunAs User and RunAs
Group.

https://fedorahosted.org/freeipa/ticket/1657

ipalib/plugins/sudorule.py

@@ -22,6 +22,15 @@ give certain users (or groups of users) the ability to run some (or all)
 commands as root or another user while providing an audit trail of the
 commands and their arguments.
 
+FreeIPA provides a means to configure the various aspects of Sudo:
+   Users: The user(s)/group(s) allowed to envoke Sudo.
+   Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke Sudo.
+   Allow Command: The specific command(s) permited to be run via Sudo.
+   Deny Command: The specific command(s) prohibited to be run via Sudo.
+   RunAsUser: The user(s) or group(s) of users whose rights Sudo will be invoked with.
+   RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.
+   Options: The various Sudoers Options that can modify Sudo's behavior.
+
 FreeIPA provides a designated binddn to use with Sudo located at:
 uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
 
@@ -158,10 +167,12 @@ class sudorule(LDAPObject):
         ),
         Str('ipasudorunas_user?',
             label=_('RunAs User'),
+            doc=_('Run as a user or any user within a specified group'),
             flags=['no_create', 'no_update', 'no_search'],
         ),
         Str('ipasudorunas_group?',
             label=_('RunAs Group'),
+            doc=_('Run with the gid of a specified POSIX group '),
             flags=['no_create', 'no_update', 'no_search'],
         ),
         Str('externaluser?', validate_externaluser,