We should not just kill the old feed URLs, especially if they were open site-level ones originally.
We can't respect the user/course information in the original URL, because this could be very insecure and allow access to information buried anywhere. So some old URLs are just not going to work anymore, especially those inside protected courses.
- when an old URL is detected, fetch the standard user "guest", construct a new URL and redirect to that URL.
- with a new URL, if we detect that the current user is guest, and we know that guest does not have access to the context (no items in the RSS feed), then we construct a fake RSS feed that explains the situation
"This feed uses guest access to access the data, but guest does not have permission to read the data. Visit the original location that this feed comes from (URL) as a valid user and get a new RSS link from there."