The framework for being able to do RBAC unit testing
in Deckhand was added here:
#I86f269a5b616b518e5f742a4005891412226fe2a
https://review.gerrithub.io/#/c/381205/
This PS expands on that foundation by implementing
negative RBAC tests for the remainder of the Deckhand
APIs. Negative testing means attempting to call APIs
with insufficient permissions and expecting 403s or
empty response bodies, depending on whether the
policy enforcement is critical or conditionally
applied.
Also fixes a minor bug related to returning a deleted
document for the endpoint PUT /api/v1.0/bucket/{bucket_name}/documents
Change-Id: I7ae50f300c1c877c3c162a032611a380f8948065