feat: add APIs to list roles a user can assign for a dataset or dataverse

[vera]

What this PR does / why we need it:

This PR adds two API endpoints that list the roles a user is allowed to assign to others for a given dataset or dataverse.

The endpoints return all roles that have no more permissions than the current user. Roles with higher permissions are excluded.

This is needed for our custom UI’s role assignment form, so that users only see roles they are actually allowed to assign. The same endpoints could also be used by the new SPA.

For reference, the current Dataverse UI lists all roles, even those the user cannot assign:

If a user tries to assign a role they are not allowed to assign, they currently see an error message:

With this PR, the UI could also be updated to show only assignable roles, preventing this error, by applying the following change in ManagePermissionsPage.java:

-         return roleService.availableRoles(dvObject).stream()
+         return roleService.availableRoles(dvObject, session.getUser()).stream()

Which issue(s) this PR closes:

Not aware of an issue

Special notes for your reviewer:

/

Suggestions on how to test this:

I've added tests here:

mvn test -Dtest="DataversesIT#testListAssignableRoles"

mvn test -Dtest="DatasetsIT#testListAssignableRoles"

Does this PR introduce a user interface change? If mockups are available, please link/include them here:

/

Is there a release notes update needed for this change?:

I've added a release note.

Additional documentation:

/

cc @johannes-darms

[coveralls]

coverage: 24.334% (-0.002%) from 24.336%
when pulling 817eceb on vera:feat/user-assignable-roles
into a843c84 on IQSS:develop.