SAK-42465 Add user.view.any permission to allow global user lookups for webservices (#7334)
This adds a new user.view.any permission to support the use-case for a webservice account
to be able to look up user information through the /direct/user endpoint, without the account
needing to be admin-equivalent.
This can be achieved at a global level by setting the server configuration property
entity.users.viewall=true, but that applies to all users. The user.view.any permission
can be set for a specific account or group of accounts by creating a special account
type (e.g. "webservice"), creating a user template role (e.g. !user.template.webservice),
and then setting the permission for the .auth role in the template realm.