feat: allow for ExApps to call Admin endpoints marked with specific attr

[bigcat88]

Summary

This is for the Workflow Engine Project, and not only.

The option of duplicating ednpoints where they do not require the admin flag to be set seems to us not quite the right solution; sometimes for ExApps you still need to check whether the user is an administrator or not.

If you need to check the user for ExApp and it works in the user’s context, it sets the userId and everything works as it did.
Only if the request comes from ExApp and the user is not set in the session, then the check for the attributes "AuthorizedAdminSetting" and "SubAdminRequired" is skipped.

Original discussion here: #46539

Important comment: #46539 (review)

Since this opens a wide angle on our APIs, we should make sure that logging (and admin audit logging) is also aware of $this->userSession->getSession()->get('app_api') and properly logs that an action was performed "on behalf of a user" and not "by a user".

But be very careful in the logging so it never fails (catch throwable, etc.) as otherwise logging breaks completely.

This should go in the separate PR a bit later.

Checklist

• Code is properly formatted
• Sign-off message is added to all commits
• Tests (unit, integration, api and/or acceptance) are included
• Screenshots before/after for front-end changes
• Documentation (manuals or wiki) has been updated or is not required
• Backports requested where applicable (ex: critical bugfixes)