Fix Roles API test failures

[john-odonnell]

Desired Outcome

Fix the OpenAPI description CI build.

Implemented Changes

• Remove 403 responses, and tests confirming them, from the Roles API. See cyberark/conjur#2755.
• Update list of admin user system memberships.

Connected Issue/Story

CNJR-1816

Definition of Done

At least 1 todo must be completed in the sections below for the PR to be merged.

Changelog

• [ ] The CHANGELOG has been updated, or
• [ ] This PR does not include user-facing changes and doesn't require a CHANGELOG update

Test coverage

• [ ] This PR includes new unit and integration tests to go with the code changes, or
• [X] The changes in this PR do not require tests

Documentation

• [ ] Docs (e.g. READMEs) were updated in this PR
• [ ] A follow-up issue to update official docs has been filed here: [insert issue ID]
• [X] This PR does not require updating any documentation

Behavior

• [ ] This PR changes product behavior and has been reviewed by a PO, or
• [ ] These changes are part of a larger initiative that will be reviewed later, or
• [X] No behavior was changed with this PR

Security

• [ ] Security architect has reviewed the changes in this PR,
• [ ] These changes are part of a larger initiative with a separate security review, or
• [X] There are no security aspects to these changes

[john-odonnell]

Tried and failed to fix the Kong example - we shouldn't let it block this PR. See my in-progress fix on the kong-fix branch.

Part of the issue is that the insomnia-inso npm package used to generate the Kong declarative config has been deprecated in favor of a new Inso CLI.

Once these are swapped, there's another issue when trying to make requests to Conjur through the Kong gateway:

<header>
  <h1>Blocked host: kong</h1>
</header>
<div id="container">
  <h2>To allow requests to kong make sure it is a valid hostname (containing only numbers, letters, dashes and dots), then add the following to your environment configuration:</h2>
  <pre>config.hosts &lt;&lt; "kong"</pre>
</div>

This is a result of Rails's Host Authorization middleware active in Conjur, restricting the set of accepted hostnames to only those listed here. Maybe we could open up the set of accepted hosts in Conjur's development config env.