Refactor: libcib: Avoid cib_acl_enabled() duplication

In all of these cases, what we really care about is whether ACLs are
enabled for the user in the original CIB (*current_cib). The differences
come from the aliases (cib_ro and scratch) that we use for *current_cib,
and whether scratch is a copy of *current_cib (in which case the return
value of cib_acl_enabled() would be the same).

Also add a couple of TODO comments. This is a very convoluted and
confusing function and likely has some corner case bugs.

Signed-off-by: Reid Wahl <nrwahl@protonmail.com>