Details
Improvement
Resolution: Fixed
Major
3.1.4
Security Level: Public
None
CBG Sprint 150
1
Description
When using xattr bootstrap persistence, we write the document cas to the metadata. This was originally intended to detect cases where the registry has been modified or copied into the cluster by an actor other than the local Sync Gateway cluster (i.e. to prevent injection of external configs with unsupported properties).
Reads and writes are performed using this cfgCas value, and not the document cas. However, we don't have any handling to recover from situations where there's a mismatch between the actual document cas and the value stored in the metadata. When this happens, the registry and database become unwritable (as the invalid cfgCas is used as cas when writing the documents), and will always return a conflict on update.
Need to review the strategy for preventing prohibited direct updates to the document while still providing a recovery path.
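The failure mode described above, as an added example: a simplified in-memory model, not Sync Gateway code. The type and function names (Registry, GatewayUpdate, ExternalUpdate, Mismatch) are hypothetical, and the cas is modelled as a simple counter. It shows that once another actor writes the document directly, the stored cfgCas goes stale, the mismatch is detectable, and every later gateway write conflicts.

```go
package main

import (
	"errors"
	"fmt"
)

var ErrCasMismatch = errors.New("cas mismatch") // conflict from a CAS-checked write

// Registry is a constructed, in-memory stand-in for the registry document.
type Registry struct {
	Cas    uint64 // document cas, advanced by the store on every write
	CfgCas uint64 // copy of the cas kept in the document metadata
	Body   string
}

// write succeeds only if expected equals the current document cas. stamp=true
// models a gateway write, which also records the new cas as cfgCas.
func (r *Registry) write(expected uint64, body string, stamp bool) error {
	if expected != r.Cas {
		return ErrCasMismatch
	}
	r.Cas++
	r.Body = body
	if stamp {
		r.CfgCas = r.Cas
	}
	return nil
}

// GatewayUpdate writes using the stored cfgCas rather than the document cas.
func GatewayUpdate(r *Registry, body string) error { return r.write(r.CfgCas, body, true) }

// ExternalUpdate models a direct write by another actor: cas moves, cfgCas does not.
func ExternalUpdate(r *Registry, body string) error { return r.write(r.Cas, body, false) }

// Mismatch is the detection check: true once something other than the gateway wrote.
func Mismatch(r *Registry) bool { return r.Cas != r.CfgCas }

func main() {
	r := &Registry{}
	fmt.Println(GatewayUpdate(r, "v1"), Mismatch(r))        // <nil> false
	fmt.Println(ExternalUpdate(r, "external"), Mismatch(r)) // <nil> true
	for i := 0; i < 3; i++ {
		fmt.Println(GatewayUpdate(r, "v2")) // cas mismatch on every retry
	}
}
```

Retrying does not help in this model because nothing ever refreshes cfgCas; any recovery path has to decide when it is acceptable to re-read the real document cas.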