`SimpleAclAuthorizer` makes it hard to use interactive KSQL on locked down Kafka cluster.

[big-andy-coates]

With reference to the findings in #914.

The SimpleAclAuthrorizer supports saying a principle has access to topic, using the '' resource name, but does not support partial wildcards such as `kslquery` resource names.

Partial wildcards, or something similar, would mean a small set of well defined ACLs could enable KSQL to work well with an locked-down Kafka cluster, giving the KSQL user permissions on all the groups and changelog / repartition topics it requires.

Fixing this may negate the importance / use of #948

[big-andy-coates]

KIP-290 has been accepted into AK 2.0 release to fix the authorizer. Once coded, we'll need to update our tests and docs to reflect this.

[big-andy-coates]

With KIP-290 on its way this item is done.