Looking at the write ACL for m2m_connected_content, there are no specified roles or data conditions, so the security rule will return true if the script returns true.

answer = gs.hasRole("taxonomy_admin") || new global.TaxonomyUtil().isTaxonomyManager()  || new global.TaxonomyUtil().isTaxonomyContributor() || new global.TopicPermissionUtil().isTopicManager(current.topic.toString()) || new global.TopicPermissionUtil().isTopicContributor(current.topic.toString());

The script is checking a number of things and if anyone of which is true, access will be granted. The first function is pretty implicit and is simply checking if the user has the taxonomy_admin role.

Each of the subsequent conditions call a different function in a script include, so you will need to view each in turn to establish what they are doing and which of them is granting access to the users who should not be able to access.

Once you have established this, I would first evaluate wether it is possible to  deliver your requirement using the out of box rules. For example, perhaps users that should not be able to edit these records have been made Taxonomy Contributors in error and making the required data changes can achieve the desired outcome without customising ACLs.