Add RemoveFabric to AccessControl (#16685)

Use the "public" API to delete entries for a fabric.

Tested (on Linux using chip-all-clusters-app and chip-tool) by
commissioning on three fabrics, with 3, 2, and 2 distinct ACLs,
then removing the second (middle) fabric, and verifying that
the remaining 5 ACLs are preserved, even after restart.

Part of issue #13876 (fabric removal and factory reset)

src/access/AccessControl.cpp

@@ -188,6 +188,22 @@ CHIP_ERROR AccessControl::Finish()
     return retval;
 }
 
+CHIP_ERROR AccessControl::RemoveFabric(FabricIndex fabricIndex)
+{
+    ChipLogProgress(DataManagement, "AccessControl: removing fabric %u", fabricIndex);
+
+    CHIP_ERROR err;
+    do
+    {
+        err = DeleteEntry(0, &fabricIndex);
+    } while (err == CHIP_NO_ERROR);
+
+    // Sentinel error is OK, just means there was no such entry.
+    ReturnErrorCodeIf(err != CHIP_ERROR_SENTINEL, err);
+
+    return CHIP_NO_ERROR;
+}
+
 CHIP_ERROR AccessControl::Check(const SubjectDescriptor & subjectDescriptor, const RequestPath & requestPath,
                                 Privilege requestPrivilege)
 {

src/access/AccessControl.h

@@ -468,6 +468,8 @@ class AccessControl
         return mDelegate->DeleteEntry(index, fabricIndex);
     }
 
+    CHIP_ERROR RemoveFabric(FabricIndex fabricIndex);
+
     /**
      * Iterates over entries in the access control list.
      *

src/app/server/Server.h

@@ -223,6 +223,7 @@ class Server
             {
                 groupDataProvider->RemoveFabric(fabricIndex);
             }
+            Access::GetAccessControl().RemoveFabric(fabricIndex);
         };
         void OnFabricRetrievedFromStorage(FabricInfo * fabricInfo) override { (void) fabricInfo; }