allow deletion of students (if permitted by credential claimset and API auth strategy)

[tomreitz]

This PR removes the hard-coded prevention of lightbeam delete for students.

Note that if the Ed-Fi API uses a relationship-based authorization strategy, you may run into the following situation:

You run lightbeam delete, which deletes records from resources in dependency-order. Since studentEducationOrganizationAssociations depend on students, the stuEdOrgAssns are (successfully) deleted first. However, now your EdOrg no longer has any relationship to your students, so when lightbeam subsequently attempts to delete students, the API returns 403 unauthorized status codes. There is no way to delete these students with your API credentials.

If you see many 403 errors when lightbeam deleteing students, you may need to obtain new Ed-Fi API credentials with a different authorization strategy and try again.

[tomreitz]

@johncmerfeld I don't think this is a controversial PR, it's just fixing this issue raised by Megan. I'm tagging you to review, if you don't mind. I think Jay has been too busy to review. I'm cleaning up open PRs. 😄 Thanks!