soft delete APIs enforce data owner access
Please refer to this issue: Soft Delete APIs should enforce data owner access check
This MR is to update default data authorization policy we're using today to reflect this change, so that with OPA integration turned on, soft delete APIs will still enforce data owner access check.