Add option to not set ACL for reconfig node

ZOOKEEPER-2014 changed the behavior of the /zookeeper/config node by setting the ACL to ZooDefs.Ids.READ_ACL_UNSAFE. This change makes it very cumbersome to use the reconfig APIs. It also, perversely, makes security worse as the entire ZooKeeper instance must be opened to "super" user while enabled reconfig (per ReconfigExceptionTest.java). Provide a mechanism for savvy users to disable this ACL so that an application-specific custom ACL can be set.