[Salesforce] DLS feature is "type-level" not "document-level" security #3028

Open
seanstory opened this issue Dec 11, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@seanstory
Member

Bug Description

The implementation of the Salesforce Connector DLS (added in v8.13.0) utilizes "type-level security" and not "document level security". This means that the connector is looking to see, for every user, which Object types in Salesforce that user is eligible to view. Then for every object of that type that is synced by the connector, all of those users are given search access.

This fails to account for the fact that some users may be expressly denied permission to specific records in an Object type to which they would otherwise have access.

For example, Jane Doe may be able to see most Case records. But there's one specific Case where she does not have access.
The Salesforce connector would still include jane.doe in the _allow_access_control list for that one specific case.

To Reproduce

  1. Find a user that has general access to an object type
  2. Disallow them from a specific record of that type
  3. Run a content sync with DLS enabled
  4. Check the specific record's Elasticsearch document
  5. Find the user in the document's _allow_access_control list.

Expected behavior

"Document Level Security" should apply document level controls.

Environment

8.13.0
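To make the distinction concrete, the following is an added illustration (not the connectors project's code) of the type-level computation the report describes next to the record-level one it expects, run over constructed sample data. The per-record denial table, the user and record identifiers, and every field name other than _allow_access_control are assumptions made for this example.

```python
# Constructed sample: object types each user may read (type-level permission).
USER_TYPE_ACCESS = {
    "jane.doe": {"Case", "Account"},
    "john.smith": {"Case"},
}

# Constructed sample: users explicitly denied one specific record. This is the
# information a purely type-level check never consults.
RECORD_DENIALS = {"500-0002": {"jane.doe"}}

# Constructed sample of synced Salesforce records (Id and object type only).
RECORDS = [
    {"Id": "500-0001", "type": "Case"},
    {"Id": "500-0002", "type": "Case"},
    {"Id": "001-0001", "type": "Account"},
]


def type_level_acl(record, user_type_access=USER_TYPE_ACCESS):
    """Behaviour described in the report: every user who may read the
    record's object type is granted access to every record of that type."""
    return sorted(u for u, types in user_type_access.items() if record["type"] in types)


def record_level_acl(record, user_type_access=USER_TYPE_ACCESS, denials=RECORD_DENIALS):
    """Expected behaviour: start from type-level access, then drop users
    who are denied this specific record."""
    denied = denials.get(record["Id"], set())
    return [u for u in type_level_acl(record, user_type_access) if u not in denied]


def build_document(record, acl_fn):
    """Shape the synced document with its access-control list (field names assumed)."""
    return {"_id": record["Id"], "object_type": record["type"],
            "_allow_access_control": acl_fn(record)}


def overgranted(records=RECORDS):
    """Audit helper: record Ids whose type-level ACL lists users that the
    record-level ACL would exclude, mapped to those users."""
    result = {}
    for record in records:
        extra = sorted(set(type_level_acl(record)) - set(record_level_acl(record)))
        if extra:
            result[record["Id"]] = extra
    return result


if __name__ == "__main__":
    for rec in RECORDS:
        print(build_document(rec, type_level_acl), build_document(rec, record_level_acl))
    print("over-granted:", overgranted())
```

Running it shows jane.doe in _allow_access_control for record 500-0002 under the type-level computation only; the overgranted() helper is the check a defender can run against synced documents to find such entries.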
