Overview
To index the platform properly with an external engine (such as Datafari), the API should be crawled by a user with access to all data. However, this user does not need to modify data.
So we introduce a new top delegated permission "REST Read-only site administrator".
Users with this permission will have the right to read all resources of the platform (basically all GET/OPTIONS) but will have their regular rights for write/update routes (PATCH/POST/PUT/DELETE/...).
This permission only applies to REST resources: a user with the "REST Read-only site administrator" permission won't have access to the site admin web UI (not even in read-only mode).
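The rule above written as an authorization check, with a decision matrix for an indexing account that has no rights of its own. This is an added example, not the platform's code: `User`, `Request`, `is_allowed`, `crawler_matrix` and the surface labels `rest` / `web_admin` are hypothetical names, and any method other than GET/OPTIONS is assumed to fall back to regular rights.

```python
from dataclasses import dataclass

# Methods the page names as covered by the permission ("basically all GET/OPTIONS").
READ_METHODS = frozenset({"GET", "OPTIONS"})


@dataclass(frozen=True)
class User:
    name: str
    rest_read_only_admin: bool = False  # holds "REST Read-only site administrator"


@dataclass(frozen=True)
class Request:
    surface: str          # "rest" or "web_admin" (constructed labels)
    method: str           # HTTP method
    regular_access: bool  # outcome of the user's ordinary permission check


def is_allowed(user: User, req: Request) -> bool:
    """The delegated permission only ever adds read access on REST resources."""
    grants_read = (
        user.rest_read_only_admin
        and req.surface == "rest"
        and req.method.upper() in READ_METHODS
    )
    # Everything else (write routes, the admin web UI) uses regular rights.
    return grants_read or req.regular_access


def crawler_matrix() -> dict:
    """Decisions for a crawler with the permission and no regular rights."""
    crawler = User("indexer", rest_read_only_admin=True)
    cases = [("rest", m) for m in ("GET", "OPTIONS", "POST", "PUT", "PATCH", "DELETE")]
    cases.append(("web_admin", "GET"))
    return {
        (surface, method): is_allowed(crawler, Request(surface, method, False))
        for surface, method in cases
    }


if __name__ == "__main__":
    for (surface, method), allowed in crawler_matrix().items():
        print(f"{surface:10} {method:8} {'allow' if allowed else 'deny'}")
```

A matrix like this works as a regression test for the indexing account: only the two `rest` read rows should ever come out as allowed.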