Code review comment for lp:~nick-dedekind/mir/trusted_sessions

I'm wondering why we have single "trust session" object managed by the client that can contain zero or more pids - wouldn't a more useful design be to have a collection of zero or more trusted pids that can be managed by the client?

Vis:

start_trust_session(pid1, pid2)
...
stop_trust_session(pid1)
...
start_trust_session(pid3)
...
stop_trust_session(pid2, pid3)