Deprecate and remove the exportPublic + ACL-based approach to exported object expiry

[lmsurpre]

Is your feature request related to a problem? Please describe.
When the export is configured to create public objects (fhirServer/bulkdata/storageProviders/(source)/exportPublic = true), we attempt to set an ACL policy for objects to make them temporarily public. I believe that is currently hard-coded to 2 hours.

Unfortunately, neither minio nor IBM COS actually honor this setting:

Please note that IBM COS does not support expiration time for each single COS object, so please configure retention policy (e.g, 1 day) for the bucket if IBM COS is used.

Although its documented, this seems like it could end badly (exports staying public too long and hacked/stolen because of it).

In #882 we added support for using presigned URLs for clients to fetch the resources and that seems like a better approach.

Describe the solution you'd like
Deprecate and eventually remove support for fhirServer/bulkdata/storageProviders/(source)/exportPublic.
Guide users toward using HMAC auth and presigned URLs instead.

Describe alternatives you've considered
Continue to support setting ACLs.

Acceptance Criteria
Documentation is clear that HMAC auth and presigned URLs is the preferred approach.

Additional context
Originally discussed at https://github.com/IBM/FHIR/pull/2052/files#r592359447

[lmsurpre]

two locations: config and bulkdata util
mostly just testing

[lmsurpre]

The deprecation was done in 4.8.1.
The removal will be done via #2380 for 4.9.0.

[lmsurpre]

I reviewed the results of #2380 and I think we should go even further...I opened #2543 with a couple additional removals including a proposal to remove the legacy bulkdata config that has been deprecated since 4.6.0.

[lmsurpre]

#2543 is merged and I'm calling this one done.