We currently convert authorizer actions once in the MultiTenantAuthorizer and again in ConfluentServerAuthorizer - this seems unnecessary.