
co-authored-by: Mickael Maison <mickael.maison@gmail.com>

...

This currently makes it impossible to let a user manage the lifecycle of a defined set of topics: the user will be able to create any topic, but not necessarily to delete all of them.

Proposed Changes

Change the current ACL check for creating a topic T, from CREATE on Cluster, to CREATE on Topic(T).

Change the AclCommand CLI tool so that the `--producer` convenience option manages the newly required ACL.

Public Interfaces

On failure of an authorization check, CreateTopicsRequest will return with an error code of TOPIC_AUTHORIZATION_FAILED (29) instead of CLUSTER_AUTHORIZATION_FAILED (31).

...

  • What impact (if any) will there be on existing users?
    • existing ACLs with CREATE permission on Cluster will not allow users to create topics anymore
  • If we need special migration tools, describe them here.
    • replacing CREATE Cluster ACLs with CREATE Topic *
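
As an added illustration (not part of the KIP or of Kafka's code), the following Python model puts the current and proposed CREATE checks, the changed error code, and the migration above side by side. The principal `User:alice`, the topic names and all function names are constructed for the example, and only literal and `*` resource names are modelled.

```python
# Simplified model of the topic-creation authorization check described above.
# Added illustration; not Kafka's authorizer code. All names are constructed.
from typing import NamedTuple

NONE, TOPIC_AUTHORIZATION_FAILED, CLUSTER_AUTHORIZATION_FAILED = 0, 29, 31
CLUSTER = "kafka-cluster"  # name of the single Cluster resource

class Acl(NamedTuple):
    principal: str
    operation: str      # "CREATE" or "DELETE"
    resource_type: str  # "Cluster" or "Topic"
    name: str           # literal resource name, or "*" for any

def allowed(acls, principal, operation, resource_type, name):
    """True if some ACL grants the operation on that resource to the principal."""
    return any(a.principal == principal and a.operation == operation
               and a.resource_type == resource_type and a.name in (name, "*")
               for a in acls)

def create_topic_current(acls, principal, topic):
    """Current behaviour: CREATE is checked on Cluster, whatever the topic."""
    ok = allowed(acls, principal, "CREATE", "Cluster", CLUSTER)
    return NONE if ok else CLUSTER_AUTHORIZATION_FAILED

def create_topic_proposed(acls, principal, topic):
    """Proposed behaviour: CREATE is checked on Topic(T)."""
    ok = allowed(acls, principal, "CREATE", "Topic", topic)
    return NONE if ok else TOPIC_AUTHORIZATION_FAILED

def can_delete(acls, principal, topic):
    """Deletion is authorized per topic: DELETE on Topic(T)."""
    return allowed(acls, principal, "DELETE", "Topic", topic)

def migrate(acls):
    """Migration from the list above: CREATE Cluster becomes CREATE Topic *."""
    return [Acl(a.principal, "CREATE", "Topic", "*")
            if (a.operation, a.resource_type) == ("CREATE", "Cluster") else a
            for a in acls]

# Constructed ACL sets: a pre-change grant and a topic-scoped grant.
legacy = [Acl("User:alice", "CREATE", "Cluster", CLUSTER),
          Acl("User:alice", "DELETE", "Topic", "orders")]
scoped = [Acl("User:alice", "CREATE", "Topic", "orders"),
          Acl("User:alice", "DELETE", "Topic", "orders")]
```

The wildcard migration preserves the old "create any topic" grant; only topic-scoped ACLs such as `scoped` pair creation rights with deletion rights on the same set of topics.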

Rejected Alternatives

An alternative that we want to discuss with the community is to favour compatibility rather than simplicity, and consider the existing "Create Cluster" permission as equivalent to "Create Any Topics", so that if Create Cluster is allowed, the specific Create Topic check is skipped.

In that case, for symmetry, there could be a DELETE check on Cluster meaning "delete any topics".