Is your feature request related to a problem? Please describe.
Use case:
Migrating from openLDAP to 389-DS.
The appadmin user is used in openLDAP for DIT management.
The same workflow is desired in 389.
Cockpit does not allow non-privileged users to manage the DS instance that the root user created.
Describe the solution you'd like
Through a polkit rule, allow specific/listed users to manage a locally running instance created by the root user.
Describe alternatives you've considered
Created the following:
cat /etc/polkit-1/rules.d/60-cockpit.rules
polkit.addRule(function(action, subject) {
    // Only the LDAP management user gets the allow-list treatment
    if (subject.user == "appadmin") {
        // Polkit action ids this user may use; everything else is denied
        var allowedApps = [
            "org.cockpit.389-console" // Directory Server Management
        ];
        // Allow access only to the actions in the allowed list
        if (allowedApps.indexOf(action.id) >= 0) {
            return polkit.Result.YES;
        }
        // Explicitly deny access to everything else
        return polkit.Result.NO;
    }
    // Other users fall through to later rules and the action's default
    // policy. polkit calls this polkit.Result.NOT_HANDLED; there is no
    // polkit.Result.DEFAULT, so the original rule returned undefined here
    // (which polkit also treats as "not handled").
    return polkit.Result.NOT_HANDLED;
});
Then the user is expected by cockpit to elevate permissions so that it can run cockpit-bridge --privileged.
Adding that for the user in sudoers allows the user to elevate permissions and gain access to all cockpit apps, which overrides the purpose of being able to only use the 389 application.
Additional context
Add any other context or screenshots about the feature request here.
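Added example, not code from the issue, from 389-ds or from Cockpit: a small stand-in for the polkit rule engine so the allow-list rule above can be exercised offline. polkitd's real engine is not used; only polkit.addRule, polkit.Result and the action/subject shapes are mimicked. The rule body is the one from the report with polkit.Result.NOT_HANDLED for the fall-through case and an added requirement (an assumption, marked in the code) that the session be local and active. The action id is copied from the report and is not checked here against what Cockpit actually registers; the policy defaults and subjects are constructed for the demo.

```javascript
"use strict";

// Stand-in for polkitd's `polkit` global. polkitd maps the returned strings
// to implicit authorizations; NOT_HANDLED is null and means "fall through".
const polkit = {
  Result: { NO: "no", YES: "yes", AUTH_ADMIN: "auth_admin", NOT_HANDLED: null },
  _rules: [],
  addRule(fn) { this._rules.push(fn); },
};

// The rule from the report, with two changes: polkit.Result.NOT_HANDLED for
// the fall-through case, and (assumption) a requirement that the session be
// local and active, so a remote or background process cannot use the grant.
polkit.addRule(function (action, subject) {
  if (subject.user == "appadmin") {
    // Action id copied from the report; not verified here against Cockpit.
    var allowedApps = ["org.cockpit.389-console"];
    if (allowedApps.indexOf(action.id) >= 0 && subject.local && subject.active) {
      return polkit.Result.YES;
    }
    // Everything else is denied outright for this user, even actions whose
    // .policy default would merely prompt for an administrator password.
    return polkit.Result.NO;
  }
  return polkit.Result.NOT_HANDLED;
});

// Constructed defaults standing in for each action's .policy <defaults>;
// the values are assumptions for this demo, not Cockpit's real policy files.
const policyDefaults = {
  "org.cockpit.389-console": polkit.Result.AUTH_ADMIN,
  "org.freedesktop.login1.reboot": polkit.Result.AUTH_ADMIN,
};

// Evaluate the way polkitd does: the first rule returning a truthy result
// wins; otherwise the action's own default applies.
function evaluate(actionId, subject) {
  const action = { id: actionId };
  for (const rule of polkit._rules) {
    const result = rule(action, subject);
    if (result) return result;
  }
  return policyDefaults[actionId] || polkit.Result.AUTH_ADMIN;
}

// Constructed subjects: a local console session, an SSH session, another user.
const localAppadmin = { user: "appadmin", local: true, active: true };
const remoteAppadmin = { user: "appadmin", local: false, active: true };
const localAlice = { user: "alice", local: true, active: true };

function demo() {
  const rows = [
    ["org.cockpit.389-console", localAppadmin],
    ["org.cockpit.389-console", remoteAppadmin],
    ["org.freedesktop.login1.reboot", localAppadmin],
    ["org.freedesktop.login1.reboot", localAlice],
  ];
  for (const [id, subj] of rows) {
    const where = subj.local ? "local" : "remote";
    console.log(`${subj.user}@${where} ${id}: ${evaluate(id, subj)}`);
  }
}
demo();
```

Run with `node`. The point the simulation makes visible is that a rule of this shape scopes appadmin to one action id and nothing else, while every other user still gets the action's own default; it does nothing about the separate sudo step the report describes, which polkit rules cannot narrow.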