Context checks in the db layer prevent default RBAC from working correctly

Description
===========
In the wallaby release, manila plans to refresh its policy defaults and allow user scopes as defined with the OpenStack Identity service (keystone) [1]

There are existing context checks (example [2]) in the database that prevent a system scoped user from obtaining information that's written into the database. Some of these context checks require an admin context, however, the RBAC via policy overrides may have been set to allow regular users, or users with roles other than admin to access these objects (example [3]). We need to relax these context checks in order to ensure correctness, and perhaps add missing RBAC policies where appropriate.

The exact issue is that the context checkers require that you be allowed by the RBAC policy default "context_is_admin" [4] or that you have a user_id and project_id. System users will not have a project_id, and they may not have the "admin" role either which is the default role for the "context_is_admin" RBAC policy.

Steps to reproduce
==================

These steps use the "availability zones" API as an example - the policy defaults for this API have been adjusted with: https://review.opendev.org/c/openstack/manila/+/763441

1) Clear any old environment that may conflict.
$ for key in $( set | awk -F= '/^OS_/ {print $1}' ); do unset "${key}" ; done

2) If you don't have a URL without project_id in it, system scoped users can't find the manila service, so set it: (we do this as part of devstack since: https://review.opendev.org/c/openstack/manila/+/773986)
           MANILA_ENDPOINT=$(openstack endpoint list --service manilav2 -f value -c ID)
           HOST_IP=$(grep HOST_IP= ~/devstack/.stackenv | cut -d "=" -f 2)
           openstack endpoint set --url http://$HOST_IP/share/v2 $MANILA_ENDPOINT

3) $ export OS_CLOUD=devstack-system-reader
   $ TOKEN=$(openstack token issue -f value -c id)
   $ MANILA_URL=$(openstack catalog show manilav2 -c endpoints -f json | jq .endpoints[0].url)

        curl -i -X GET $MANILA_URL/availability-zones -H "X-Auth-Token: $TOKEN" -H "X-OpenStack-Manila-API-Version: 2.57"

Expected result
===============
200 OK with AZs as JSON

Actual result
=============
403 Forbidden

Environment
===========
1. Devstack, Wallaby/main

Logs & Configs
==============

You could set [oslo_policy]/enforce_scope=True and [oslo_policy]/enforce_new_defaults=True
but these have no effect as far as this failure is concerned.

[1] https://review.opendev.org/q/topic:%2522secure-rbac%2522+(status:open+OR+status:merged)+project:openstack/manila
[2] https://opendev.org/openstack/manila/src/commit/8d9fb9250ddb4d5b111d5cb61fb61b6e1d91bea5/manila/db/sqlalchemy/api.py#L4788-L4789
[3] https://opendev.org/openstack/manila/src/commit/8d9fb9250ddb4d5b111d5cb61fb61b6e1d91bea5/manila/db/sqlalchemy/api.py#L4940-L4942
[4] https://opendev.org/openstack/manila/src/commit/8d9fb9250ddb4d5b111d5cb61fb61b6e1d91bea5/manila/policies/base.py#L70