Designate DNS – "Zone Ownership Transfers API" - Admin client is able to impersonate another project, without using “x-auth-sudo-project-id” HTTP header

Bug #1926572 reported by Arkady Shtempler
Affects: Designate | Status: New | Importance: Undecided | Assigned to: Unassigned | Milestone: (none)

Bug Description

Test Scenario:
As Admin client, activate "Show a Zone Transfer Request" without adding the "x-auth-sudo-project-id" header to the API request HTTP headers.

Patch to reproduce: https://review.opendev.org/c/openstack/designate-tempest-plugin/+/786248 (Patchset #6)

2021-04-28 11:37:41.076222 | controller | 2021-04-28 11:37:34,639 96585 INFO [designate_tempest_plugin.tests.api.v2.test_transfer_request] As Admin tenant fetch the transfer_request without using "x-auth-sudo-project-id" HTTP header. Expected: 404
2021-04-28 11:37:41.076234 | controller | 2021-04-28 11:37:34,679 96585 INFO [tempest.lib.common.rest_client] Request (TransferRequestTest:test_show_transfer_request_impersonate_another_project): 200 GET https://149.202.178.161/dns/v2/zones/tasks/transfer_requests/a3d6ffa9-3194-4c80-be24-11591ddc6092 0.039s
2021-04-28 11:37:41.076247 | controller | 2021-04-28 11:37:34,679 96585 DEBUG [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'}
2021-04-28 11:37:41.076259 | controller | Body: None
2021-04-28 11:37:41.076271 | controller | Response - Headers: {'date': 'Wed, 28 Apr 2021 11:37:34 GMT', 'server': 'Apache/2.4.41 (Ubuntu)', 'content-length': '464', 'x-openstack-request-id': 'req-438e75c2-1ce3-4a29-891b-0aa56029bbe1', 'content-type': 'application/json', 'connection': 'close', 'status': '200', 'content-location': 'https://149.202.178.161/dns/v2/zones/tasks/transfer_requests/a3d6ffa9-3194-4c80-be24-11591ddc6092'}

Actual Result:
Admin client is able to “show” the data for another project. 200 OK.

Expected result:
Without using “x-auth-sudo-project-id” HTTP header, 404 NotFound status code is expected
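The behaviour the report expects, as an added illustration that is not Designate's code and not part of the original report: an API front end builds a request context from the X-Auth-Token and X-Auth-Sudo-Project-ID headers, and answers the "show transfer request" call with 200, 401, 403 or 404. The point it demonstrates is that the admin role alone must not widen the project the request acts in; only the explicit sudo header does, and a record that belongs to another project is reported as 404 so that its existence is not confirmed. The token table, role name, project ids, zone id and in-memory store are constructed for the example; the rule that the target project of a transfer request may also see it is an assumption about Designate's policy, not something the report states. The transfer request id is the one from the log above.

```python
"""Model of the project-scoping check expected for the transfer request API.

Not Designate code. Everything below (tokens, roles, project ids, the store)
is constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

ADMIN_ROLE = "admin"

# Constructed stand-in for Keystone token validation: token -> (project_id, roles).
TOKEN_DB = {
    "tok-admin-a": ("project-a", frozenset({ADMIN_ROLE, "member"})),
    "tok-member-a": ("project-a", frozenset({"member"})),
    "tok-member-b": ("project-b", frozenset({"member"})),
    "tok-member-c": ("project-c", frozenset({"member"})),
}

# Constructed store. The request id is the one from the log; the project ids
# and zone id are made up. target_project_id is the project the zone is being
# offered to, which is assumed to be allowed to see the request as well.
TRANSFER_REQUESTS = {
    "a3d6ffa9-3194-4c80-be24-11591ddc6092": {
        "zone_id": "7e1f2e7c-0f3a-4c7e-9f1c-2f3a4b5c6d7e",
        "project_id": "project-b",
        "target_project_id": "project-c",
        "status": "ACTIVE",
    },
}


class Unauthorized(Exception):
    pass


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


@dataclass(frozen=True)
class Context:
    project_id: str                        # project the token is scoped to
    roles: frozenset
    sudo_project_id: Optional[str] = None  # explicit impersonation target

    @property
    def effective_project_id(self) -> str:
        # Admin privilege by itself never changes the project the request acts
        # in; only the explicit sudo header does. This is the check the report
        # says is missing.
        return self.sudo_project_id or self.project_id


def context_from_headers(headers: Dict[str, str]) -> Context:
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    token = TOKEN_DB.get(h.get("x-auth-token", ""))
    if token is None:
        raise Unauthorized("invalid or missing token")
    project_id, roles = token
    sudo = h.get("x-auth-sudo-project-id")
    if sudo is not None and ADMIN_ROLE not in roles:
        raise Forbidden("only admins may act on behalf of another project")
    return Context(project_id, roles, sudo)


def show_transfer_request(ctx: Context, request_id: str) -> dict:
    rec = TRANSFER_REQUESTS.get(request_id)
    visible = rec is not None and ctx.effective_project_id in (
        rec["project_id"], rec["target_project_id"]
    )
    if not visible:
        # 404 rather than 403: do not confirm that another project's id exists.
        raise NotFound(request_id)
    return rec


def handle_show(headers: Dict[str, str], request_id: str) -> Tuple[int, Optional[dict]]:
    """Return (HTTP status, body) the way the API layer would."""
    try:
        ctx = context_from_headers(headers)
        return 200, show_transfer_request(ctx, request_id)
    except Unauthorized:
        return 401, None
    except Forbidden:
        return 403, None
    except NotFound:
        return 404, None


if __name__ == "__main__":
    rid = "a3d6ffa9-3194-4c80-be24-11591ddc6092"
    # Admin of project-a, no sudo header: the record belongs to project-b.
    print(handle_show({"X-Auth-Token": "tok-admin-a"}, rid)[0])  # 404
    # Same admin, explicitly sudoing into project-b.
    print(handle_show({"X-Auth-Token": "tok-admin-a",
                       "X-Auth-Sudo-Project-ID": "project-b"}, rid)[0])  # 200
```

The first call in the main block is the scenario from the report: the admin token is scoped to a different project and no sudo header is sent, so the model returns 404 where the real deployment returned 200. Adding the header to the same request yields 200, and a non-admin sending the header gets 403, so impersonation is always an explicit, auditable choice rather than a side effect of the role.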
