Permissions for custom fields are broken on public-facing pages
This is wordpress#55 (closed), but @haystack asked me to open a new ticket here since it's not a WP issue.
ACLs for custom fields are cached on a system-wide and not per-user basis. This means that non-permissioned users can see fields they shouldn't, and permissioned users won't see fields they should.
Steps to Replicate
Assuming a civibuild install:
- Remove the "CiviCRM: access all custom data" permission from anonymous users. They should now see no custom fields.
- Add a custom field to a contribution page's profile.
- As administrator, view the live contribution page. Note the field is present (which is correct).
- In an incognito window, view the live contribution page. The field is still present (which is incorrect).
- Clear cache.
- View the page again, but view as an anonymous user first. The field will be gone, but it will still be gone when you view as an administrator.
I don't intend to file a patch - this bug masked a misconfiguration in my client's case, and fixing it made this bug irrelevant to them. But I wanted to give reliable replication steps since folks like @darren.woods have encountered this in the wild.
Edited by JonGold
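The failure mode described in the steps above (whichever user happens to populate the cache first decides what everyone else sees) can be reproduced in a few lines without a CiviCRM install. The following is an added illustration, not CiviCRM's own code: `visible_fields`, `BuggyProfileCache`, `PerUserProfileCache` and the sample permission and field data are all constructed for the example. It models a profile's field list filtered by an "access all custom data" permission, caches it once under a key that ignores the user (the bug), and once under a key that includes the user's effective permission set (the fix), then walks the ticket's replication steps against both.

```python
# Constructed sample data standing in for CiviCRM's permission and field tables.
PERMISSIONS = {
    "admin": {"access all custom data"},
    "anonymous": set(),
}
FIELDS = ["first_name", "email", "custom_donor_tier"]
CUSTOM_FIELDS = {"custom_donor_tier"}
PROFILE_ID = 42  # hypothetical profile attached to a contribution page


def visible_fields(user: str) -> list:
    """Uncached ACL filter: custom fields are only returned to users holding the permission."""
    perms = PERMISSIONS.get(user, set())
    return [
        f for f in FIELDS
        if f not in CUSTOM_FIELDS or "access all custom data" in perms
    ]


class BuggyProfileCache:
    """Caches the filtered field list per profile only.

    Whoever triggers the first load decides the cached result for every
    later viewer, which is exactly the system-wide caching the ticket reports.
    """

    def __init__(self) -> None:
        self._cache = {}

    def get(self, profile_id: int, user: str) -> list:
        if profile_id not in self._cache:
            self._cache[profile_id] = visible_fields(user)
        return self._cache[profile_id]

    def clear(self) -> None:
        self._cache.clear()


class PerUserProfileCache:
    """Caches the filtered field list keyed by profile AND the viewer's permission set.

    Keying on the effective permission set rather than the user id keeps the
    cache small (all anonymous visitors share one entry) while guaranteeing
    that two viewers with different ACLs never share a cached result.
    """

    def __init__(self) -> None:
        self._cache = {}

    def get(self, profile_id: int, user: str) -> list:
        key = (profile_id, frozenset(PERMISSIONS.get(user, set())))
        if key not in self._cache:
            self._cache[key] = visible_fields(user)
        return self._cache[key]

    def clear(self) -> None:
        self._cache.clear()


def walk_steps(cache) -> dict:
    """Replay the ticket's replication steps against a cache implementation.

    Returns, for each ordering, a pair of booleans: whether the custom field
    was shown to the first viewer and to the second viewer.
    """
    results = {}

    # Admin views the live page first, then an anonymous visitor.
    results["admin_first"] = (
        "custom_donor_tier" in cache.get(PROFILE_ID, "admin"),
        "custom_donor_tier" in cache.get(PROFILE_ID, "anonymous"),
    )

    # Clear cache, then let the anonymous visitor populate it before the admin.
    cache.clear()
    results["anonymous_first"] = (
        "custom_donor_tier" in cache.get(PROFILE_ID, "anonymous"),
        "custom_donor_tier" in cache.get(PROFILE_ID, "admin"),
    )
    return results


if __name__ == "__main__":
    print("buggy:", walk_steps(BuggyProfileCache()))
    print("fixed:", walk_steps(PerUserProfileCache()))
```

With the buggy cache the admin-first ordering leaks the custom field to the anonymous visitor, and the anonymous-first ordering hides it from the admin, matching steps 4, 6 and 7 of the ticket; with the permission-set-keyed cache each viewer gets the correct answer regardless of who loaded the page first. When auditing a cache for this class of bug, the check is simply whether every input that influences the cached value (here, the viewer's ACLs) is part of the cache key.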