Change authz killCursor behavior

[jacksontj]

The current killCursor implementation simply maps to a global delete permission. This was "accurate" based on old mongo behavior (<4.2) -- but in later versions users are always allowed to killCursor on cursors they created. So to do this we simply need to change the plugin to check the cursor cache (assocatied with the connection) and if the cursor they are killing is in there -- it doesn't need permissions. Then if the cursorId is not in the cache -- then we should check the same global delete permission.