Allow only root user to read fate and scanref tables by default #6203
dlmarion wants to merge 2 commits into apache:main from
| SystemTables.FATE.tableName()); | ||
| verifyHasOnlyTheseTablePermissions(c, test_user_client.whoami(), | ||
| SystemTables.SCAN_REF.tableName()); | ||
|
|
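Review bot: the two verifyHasOnlyTheseTablePermissions calls for test_user_client.whoami() on SystemTables.FATE and SystemTables.SCAN_REF only assert which table-level permissions are listed for the user; they do not show that a read is actually refused. Consider following them with a scan attempt as the test user on each table and asserting that it fails, so the test covers effective access rather than only the stored table grants.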
If the test scans the fate table here it will probably succeed because the namespace grants permission here. Would be good to also add a scan attempt here.
Seems like we need to remove this namespace code because there is table code that already grants anyone access to read metadata and root. Was not sure if removing that would impact the system user, but it does not seem it will because SecurityOperation has an explicit check that gives the system user all permissions.
> because SecurityOperation has an explicit check that gives the system user all permissions
Even that should probably be locked down. It doesn't need access to most tables, just read/write access to the system tables. But, that's out of scope of this PR and can be done separately.
| } | ||
|
|
||
| // Allow root user to scan all system tables | ||
| if (user.equals(getRootUsername()) && SystemTables.containsTableId(table) |
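Review bot: the visible part of the condition, user.equals(getRootUsername()) && SystemTables.containsTableId(table), decides access by comparing the user name inside the permission check, so this access does not appear as a grant that can be listed or revoked. Consider giving the root user an ordinary table permission on these tables instead. If the branch stays, the comment "Allow root user to scan all system tables" should say which permission is being allowed, since the lines shown here do not restrict it to read.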
We probably do not need to hard code this access for root because the root user can grant itself access by default.
I agree. The only special permission the root user has is the ability to manage permissions of others. It shouldn't get special treatment with access to data. That is not its role. It can always grant itself that role, if that's how a user wants to do things, but it shouldn't be the default.
Removing this and the code to give all users read permission in the Accumulo namespace causes the new code in the IT (below) to fail. Is this what you expected?
verifyHasOnlyTheseTablePermissions(c, c.whoami(), SystemTables.FATE.tableName(),
TablePermission.READ);
verifyHasOnlyTheseTablePermissions(c, c.whoami(), SystemTables.SCAN_REF.tableName(),
TablePermission.READ);
Closes #6137