Strip local ACL tokens from RPCs during forwarding if crossing datacenters #7414

Closed
rboyer opened this issue Mar 9, 2020 · 1 comment · Fixed by #7419

rboyer commented Mar 9, 2020

When forwarding RPCs from servers in one datacenter to servers in a different datacenter we should do something reasonable if we know in advance the ACL token attached to the RPC is a local token (and thus would not be resolvable in the remote datacenter).

The easy first fix would be to do this munging on the local server. If the token is detected as a local token simply strip it and forward the RPC along as-is. On the destination side this will activate the anonymous token.

A related fix would be to do a similar process when doing local forwarding from clients to servers. If the local client detects that a local ACL token is being passed, and the destination is not the current datacenter it should substitute the agent default token if present. This is conceptually similar to what would happen if you had an API call come in with no token to a client.

This couples nicely with the server-to-server fix above in the event that the agent default token itself was a local token.

@rboyer rboyer added the theme/acls ACL and token generation label Mar 9, 2020
@rboyer rboyer added this to the 1.8.0 milestone Mar 9, 2020
@rboyer rboyer self-assigned this Mar 9, 2020
rboyer commented Mar 9, 2020

This would provide one easy way to work around the scenario in #7381 by ensuring the anonymous token was set up to have a policy like:

service_prefix "" { policy = "read" }
node_prefix    "" { policy = "read" }

This is hopefully not too much to ask as it's roughly what you'd already need if you were exposing service discovery via DNS anyway.
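
The forwarding behaviour proposed in this issue, sketched as an added Go example (not Consul's code and not taken from the fix in #7419). The `Agent` type, its fields, `TokenForForward`, `ForwardChain`, `Sample` and all token names are hypothetical and constructed; leaving a local token unchanged on a client that has no default token is an assumption.

```go
package main

import "fmt"

// Agent is a hypothetical model of a client or server agent.
type Agent struct {
	Datacenter   string
	IsServer     bool
	DefaultToken string          // agent default token, "" if unset
	Local        map[string]bool // constructed table: secret -> is a local token
}

// TokenForForward returns the token to attach when forwarding an RPC to destDC.
func (a *Agent) TokenForForward(secret, destDC string) string {
	if destDC == a.Datacenter || !a.Local[secret] {
		return secret // same datacenter, or not known to be local: unchanged
	}
	if a.IsServer {
		return "" // strip: the destination then applies the anonymous token
	}
	if a.DefaultToken != "" {
		return a.DefaultToken // client: substitute the agent default token
	}
	return secret // assumption: with no default token, leave it to the server
}

// ForwardChain runs the client hop, then the local server hop, and returns
// the token that actually leaves the datacenter.
func ForwardChain(client, server *Agent, secret, destDC string) string {
	return server.TokenForForward(client.TokenForForward(secret, destDC), destDC)
}

// Sample builds a constructed dc1 client/server pair sharing one token table.
func Sample(agentDefault string) (client, server *Agent) {
	local := map[string]bool{
		"local-app": true, "global-app": false,
		"local-agent": true, "global-agent": false,
	}
	client = &Agent{Datacenter: "dc1", DefaultToken: agentDefault, Local: local}
	server = &Agent{Datacenter: "dc1", IsServer: true, Local: local}
	return client, server
}

func main() {
	for _, def := range []string{"global-agent", "local-agent", ""} {
		c, s := Sample(def)
		fmt.Printf("default=%q -> dc2 receives %q\n", def, ForwardChain(c, s, "local-app", "dc2"))
	}
}
```

An empty result means the remote datacenter evaluates the request under its anonymous token, so the policy attached to that token decides what a stripped request can read.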
