Add new permission to allow bypassing the Site Policy via API

[jmendeza]

Duplicates

• [X] I have searched the existing issues

Is your feature request related to a problem? Please describe.

Related to https://github.com/craftercms/craftercms/issues/6691

There are scenarios where a privileged user should be able to bypass the site policy rules, but it still makes sense to keep the policy.

For example, default site policy will transform to lowercase asset names. An automated ETL process might try to upload content items referencing assets with mixed case names.

Scenario:

• /site/website/page1/index.xml pointing to /static-assets/images/DOG.jpg
• ETL uploads DOG.jpg, which is transformed to dog.jpg
• ETL uploads index.xml referencing to absent DOG.jpg

Result:

• Page contains a broken reference
• Because of case-insensitive paths, the DB will report the reference as valid.

Describe the solution you'd like

Add a new bypass_site_policy permission that will allow users to send a new byPassPolicy flag (default to false) to content write API to ignore the site-policy rules. UI will not send that flag. That permission will not be added by default.

[jmendeza]

This is related to https://github.com/craftercms/craftercms/issues/6691