AO3-6218 Allow certain admins to access all collection and challenge pages usually reserved for owners #5592
Bilka2 left a comment
Please use pundit for the access control. You can find our existing policies in the app/policies folder if you'd like examples. The other issues on the admin role Epic also have examples of pundit implementations.
Since this is a rather big PR already just with the permission changes, I would prefer if you didn't action unrelated rubocop issues, like the i18n changes you did here. The risk that something accidentally breaks is just too big there to include it all with the permission changes.
For the specs, please use the "an action only authorized admins can access" shared example if possible, it tests a lot of admin roles automatically. Examples for its use can be found all across the admin role tests.
b01187c to e408677
Hey- I don't have a way to get this out of "Coder has reviewed action" tag but I'm still working on it.
it's ready to be reviewed :)
Pull Request Checklist
as the first thing in your pull request title (e.g. AO3-1234 Fix thing)
until they are reviewed and merged before creating new pull requests.
Issue
https://otwarchive.atlassian.net/browse/AO3-6218
Purpose
Allow admins with support, policy_and_abuse, or superadmin roles to access owner/maintainer collection and challenge pages for viewing/troubleshooting, without granting write permissions.
Implemented via shared controller helpers and action-level filter changes so read routes are opened for those roles while create/update/destroy paths remain owner/maintainer-only.
Testing Instructions
Automated coverage was added/updated for the affected controllers to verify:
(Functional QA flow is already documented in the Jira ticket.)
Credit
varram (he/him)
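The read/write split described under Purpose, sketched as a policy object in the shape Pundit expects. This is an added example, not code from this PR or from otwarchive: the class names, the action lists and the authorize! helper are assumptions, and the pundit gem itself is not loaded.

```ruby
# Added illustration in the Pundit policy shape (user, record, "action?" predicates).
# All names are hypothetical; this is not otwarchive code and does not load the pundit gem.
Admin = Struct.new(:login, :roles)
User = Struct.new(:login)
Collection = Struct.new(:name, :maintainers)

class CollectionPolicy
  # Roles named in the PR description as allowed to view owner-only pages.
  READ_ROLES = %w[support policy_and_abuse superadmin].freeze
  READ_ACTIONS = %i[show index].freeze # assumed read routes
  WRITE_ACTIONS = %i[create update destroy].freeze

  def initialize(user, record)
    @user = user
    @record = record
  end

  def maintainer?
    @user.is_a?(User) && @record.maintainers.include?(@user.login)
  end

  def read_admin?
    @user.is_a?(Admin) && (@user.roles & READ_ROLES).any?
  end

  READ_ACTIONS.each { |a| define_method("#{a}?") { maintainer? || read_admin? } }
  WRITE_ACTIONS.each { |a| define_method("#{a}?") { maintainer? } }
end

class NotAuthorized < StandardError; end

# Fail closed: an action with no predicate on the policy is denied, not allowed.
def authorize!(user, record, action)
  policy = CollectionPolicy.new(user, record)
  query = "#{action}?"
  allowed = policy.respond_to?(query) && policy.public_send(query)
  raise NotAuthorized, "#{action} denied" unless allowed
  true
end

# Role-by-action matrix, the kind of table a shared spec example walks through.
def access_matrix(record, roles)
  roles.to_h do |role|
    admin = Admin.new("admin-#{role}", [role])
    actions = CollectionPolicy::READ_ACTIONS + CollectionPolicy::WRITE_ACTIONS
    [role, actions.select { |a| CollectionPolicy.new(admin, record).public_send("#{a}?") }]
  end
end
```

Keeping write predicates independent of any admin role means a later change to READ_ROLES cannot widen create/update/destroy by accident.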