ASVS
4.1.7 - Real time access control decision making
Note: this is referenced as 4.1.10 in #2033, but I am updating the numbering to account for the skipped requirements.
I propose the addition of a new requirement that addresses the need for access decisions to be made on the most current permissions information. For example, let's say a user's access permissions are modified while that user has an active session (i.e. admin revokes access to edit files) - if the system does not check the user's permissions in real time (i.e. instead relying on cached access information), the user would be able to edit a file, which they should no longer be able to do.
| # | Description | L1 | L2 | L3 | CWE |
|---|---|---|---|---|---|
| 4.1.7 | [ADDED] Verify that the access control system makes real-time access control decisions based on current permissions values. | ✓ | ✓ | ✓ | |
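To make the revocation scenario from the proposal concrete, here is an added example (not code from the issue or from the ASVS project) contrasting an authorizer that snapshots permissions at login with one that consults the permission store on every decision. `PermissionStore`, `CachedAuthorizer`, `RealTimeAuthorizer` and the `file:edit` permission name are all constructed for illustration; the store stands in for whatever the system treats as its source of truth (e.g. a database table).

```python
"""Cached vs real-time access control decisions (constructed illustration)."""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple, Type


class PermissionStore:
    """Hypothetical single source of truth for user permissions."""

    def __init__(self) -> None:
        self._perms: Dict[str, Set[str]] = {}

    def grant(self, user: str, perm: str) -> None:
        self._perms.setdefault(user, set()).add(perm)

    def revoke(self, user: str, perm: str) -> None:
        self._perms.get(user, set()).discard(perm)

    def permissions_for(self, user: str) -> Set[str]:
        # Return a copy so callers cannot mutate the store through the result.
        return set(self._perms.get(user, set()))


@dataclass
class Session:
    user: str
    # Snapshot taken at login; only the cached strategy ever reads it.
    cached_perms: Set[str] = field(default_factory=set)


class CachedAuthorizer:
    """Anti-pattern: decisions are made against the login-time snapshot,
    so a revocation during an active session has no effect."""

    def __init__(self, store: PermissionStore) -> None:
        self.store = store

    def login(self, user: str) -> Session:
        return Session(user, self.store.permissions_for(user))

    def is_allowed(self, session: Session, perm: str) -> bool:
        return perm in session.cached_perms


class RealTimeAuthorizer:
    """The proposed requirement: every decision re-reads current permissions."""

    def __init__(self, store: PermissionStore) -> None:
        self.store = store

    def login(self, user: str) -> Session:
        # Nothing is cached; the session only identifies the user.
        return Session(user)

    def is_allowed(self, session: Session, perm: str) -> bool:
        return perm in self.store.permissions_for(session.user)


def revocation_scenario(authorizer_cls: Type) -> Tuple[bool, bool]:
    """Grant a permission, start a session, revoke mid-session, and report
    the decision before and after revocation."""
    store = PermissionStore()
    store.grant("alice", "file:edit")
    authz = authorizer_cls(store)
    session = authz.login("alice")
    before = authz.is_allowed(session, "file:edit")
    store.revoke("alice", "file:edit")  # admin revokes while session is active
    after = authz.is_allowed(session, "file:edit")
    return before, after


if __name__ == "__main__":
    print("cached:   ", revocation_scenario(CachedAuthorizer))    # (True, True)
    print("real-time:", revocation_scenario(RealTimeAuthorizer))  # (True, False)
```

The cached variant keeps returning `True` after the revocation, which is exactly the gap the requirement is meant to close; the real-time variant denies the edit on the next request. In a real deployment the trade-off is the per-request lookup cost, which is typically addressed with a short-lived, explicitly invalidated cache rather than a session-lifetime snapshot.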