bulk_delete_user_posts REST API issues

[kdmccormick]

It was originally implemented by:

• feat: added endpoint for priviledged roles to delete threads of a user #37030

Issues with the original implementation:

• It makes user-facing changes but did not go through community product review
• Documentation incorrectly states that deleted posts are limited to course_id; they actually span across the entire org containing course_id if course_or_org=="org".
• Related to ^, it allows anyone with staff or forum mod role in course-v1:MyOrg+X+Y to bulk-delete posts across all of MyOrg. This is a security flaw.
• Does not use api_doc_tools; documentation can only be viewed in the codebase.
• Does not work with MySQL-backed forums
• Adds utility code which reaches directly in MongoDB-backed forums interface

We are reverting the frontend changes:

• revert: feat: added bulk delete user posts feature for privileged users frontend-app-discussions#818

For the backend, we will do one of the following:

• Minimizing impact by down-scoping the backend API to global staff only: temp: Restrict forum bulk-delete to global staff only #37401
• Put it behind a feature flag
• Revert the backend API entirely: revert: feat: added endpoint for priviledged roles to delete threads of a user #37403
• Revert the API in Ulmo but leave it in master

[ormsbee]

Update: The frontend for this feature was reverted entirely on master before the Ulmo release cut.

The backend for this feature is being restricted to global staff on the Ulmo branch. The backend is being left as-is on master, with the understanding that this will be an area of active development in the Verawood release cycle, and that a more polished version of this moderation functionality will be available when Verawood is launched.