Bug 1809662 - [RFE] OVN improve ACL add shortcut commands
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux Fast Datapath
Classification: Red Hat
Component: ovn2.13
Version: RHEL 8.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Assignee: OVN Team
QA Contact: Ehsan Elahi
Reported: 2020-03-03 16:12 UTC by Tim Rozet
Modified: 2023-07-13 07:25 UTC (History)

Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker FD-493 0 None None None 2022-03-01 13:11:21 UTC

Description Tim Rozet 2020-03-03 16:12:16 UTC
Description of problem:
With the current implementation of acl-add:
              [--type={switch | port-group}] [--log] [--meter=meter] [--severity=severity]  [--name=name] [--may-exist] acl-add entity direction priority match verdict

We are only able to add an ACL to a single entity. It would be nice to be able to apply an ACL to multiple entities at once. Otherwise acl-add has to be run multiple times, resulting in multiple ACLs.

Additionally, if acl-add is used for an ACL that may already exist using "--may-exist", but the entity specified does not have the ACL, the ACL will not be added (expected), but it will also not add the ACL to the entity.

This results in no mechanism to be able to set the ACL to one or more entities, without direct database interaction. The real issue is that the acl-add command is doing 2 actions, creating an acl and associating it. I think a solution is to introduce separate commands to handle these issues, and eventually deprecate acl-add current behavior. We can create two commands to handle each action:

1) modify acl-add as follows:
acl-add --acl-only (allows adding an acl without an entity)
acl-add entities (replace entity with csv of one or more entities)

2) entity association commands:
acl-set-entities (sets an existing ACL to one or more entities)
acl-add-entities (adds one or more entities to an existing ACL)
acl-del-entities
acl-get-entities

