
Backport of UI: Update resultant-acl banner into release/1.15.x #25267

Conversation

hc-github-team-secure-vault-core
Contributor

Backport

This PR is auto-generated from #25256 to be assessed for backporting due to the inclusion of the label backport/1.15.x.

The below text is copied from the body of the original PR.


This PR updates when the resultant-acl banner is shown to a user.

Before, we were always calling resultant-acl at the current namespace. This typically would fail when the user is accessing a child namespace that they have access to, unless the administrator specifically gave them read access to the resultant-acl path within that namespace. This is a subpar experience for both users and administrators.

With this change:

  • resultant-acl will always be called at the user's root namespace instead of the current namespace
    • e.g. if I'm user bob enabled at an auth mount in ns1, my resultant-acl call will always be made to namespace ns1 regardless of the namespace I'm currently accessing
  • As a result of the above, the call should never fail unless the user does not have the default policy attached. This means we can differentiate between no namespace access and a failed call.
    • If the call does fail, a banner with "Resultant ACL check failed" will show
  • Once the call succeeds, we then check if the current namespace the user is accessing is present in any of the paths returned from the call. This allows the behavior to work consistently regardless of the group_policy_application_mode set.
    • When the call succeeds but the namespace is not present in the paths, a banner with "
  • For CE, the namespace link will not show and it will in practice only show the "Resultant ACL check failed" message

When accessing a namespace that is not in your policy:
[screenshot: no namespace access example]

When logged in with a user that does not have the default policy attached:
[screenshot: no default policy example]
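The banner decision described in the PR body, written out as an added example that is not Vault's UI code. It assumes a response shaped like Vault's `sys/internal/ui/resultant-acl` endpoint (`root`, `exact_paths`, `glob_paths` keyed by path, with paths inside a child namespace prefixed by that namespace relative to the namespace the call was made in); the sample ACL, the `fetchResult` wrapper and the wording of the no-access banner are constructed for illustration, since the original text cuts off before giving that message.

```javascript
// Banner text from the PR body (real) and an assumed placeholder for the
// no-access case, whose exact wording is truncated in the PR description.
const CHECK_FAILED = "Resultant ACL check failed";
const NO_ACCESS = "No access to this namespace (assumed wording)";

// Normalize a namespace path: strip leading/trailing slashes; "" is root.
function normalizeNs(ns) {
  return (ns || "").replace(/^\/+|\/+$/g, "");
}

// Express the namespace being viewed relative to the namespace the ACL call
// was made in (the user's root namespace). Returns null when the viewed
// namespace is not at or below that root, so it cannot appear in the ACL.
function relativeNamespace(currentNs, rootNs) {
  const cur = normalizeNs(currentNs);
  const root = normalizeNs(rootNs);
  if (root === "") return cur;
  if (cur === root) return "";
  if (cur.startsWith(root + "/")) return cur.slice(root.length + 1);
  return null;
}

// True when the resultant ACL grants anything in (or under) the relative
// namespace. Exact paths must sit inside the namespace; a glob path either
// sits inside it or is a prefix that covers it (e.g. a root-level "*").
function namespaceInAcl(acl, relNs) {
  const exact = Object.keys(acl.exact_paths || {});
  const globs = Object.keys(acl.glob_paths || {});
  if (relNs === "") return acl.root === true || exact.length + globs.length > 0;
  const nsPrefix = relNs + "/";
  const exactHit = exact.some((p) => p === relNs || p.startsWith(nsPrefix));
  const globHit = globs.some((g) => g.startsWith(nsPrefix) || nsPrefix.startsWith(g));
  return acl.root === true || exactHit || globHit;
}

// Decide which banner (if any) the UI should show. `result` is the outcome of
// the resultant-acl call made at the user's root namespace: {ok, acl}.
// Failure of the call itself is now distinguishable from "no access here".
function bannerFor(result, currentNs, rootNs) {
  if (!result || !result.ok) return CHECK_FAILED;
  const rel = relativeNamespace(currentNs, rootNs);
  if (rel === null || !namespaceInAcl(result.acl, rel)) return NO_ACCESS;
  return null;
}

// Constructed sample: user bob's policies in ns1 reach auth/token/lookup-self
// (from the default policy) and everything under team-a/secret/.
const SAMPLE_ACL = {
  root: false,
  exact_paths: { "auth/token/lookup-self": { capabilities: ["read"] } },
  glob_paths: { "team-a/secret/": { capabilities: ["read", "list"] } },
};

// Stand-in for the HTTP call: a user without the default policy gets a 403,
// modelled here as ok:false; everyone else gets the sample ACL.
function fetchResult(hasDefaultPolicy) {
  return hasDefaultPolicy ? { ok: true, acl: SAMPLE_ACL } : { ok: false };
}

// Walk the scenarios from the PR body and return the banner for each.
function demo() {
  const good = fetchResult(true);
  return {
    childInPolicy: bannerFor(good, "ns1/team-a", "ns1"),      // null
    childNotInPolicy: bannerFor(good, "ns1/team-b", "ns1"),   // NO_ACCESS
    rootItself: bannerFor(good, "ns1", "ns1"),                // null
    noDefaultPolicy: bannerFor(fetchResult(false), "ns1", "ns1"), // CHECK_FAILED
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(demo());
}
```

Because the call is always made at the root namespace, a 403 now means the token genuinely cannot read `sys/internal/ui/resultant-acl` there (the default policy is missing), which is why the two banners can be told apart; in the CE case only the first one is ever reached.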


Overview of commits

@hc-github-team-secure-vault-core hc-github-team-secure-vault-core force-pushed the backport/ui/VAULT-23578/resultant-acl-fix/precisely-measured-blowfish branch from 7006ec5 to 293a843 on February 7, 2024 18:57
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Feb 7, 2024
@hashishaw hashishaw added this to the 1.15.6 milestone Feb 7, 2024
@hashishaw hashishaw enabled auto-merge (squash) February 7, 2024 18:59

github-actions bot commented Feb 7, 2024

Build Results:
All builds succeeded! ✅

@hashishaw hashishaw merged commit 22f5b35 into release/1.15.x Feb 7, 2024
67 of 68 checks passed
@hashishaw hashishaw deleted the backport/ui/VAULT-23578/resultant-acl-fix/precisely-measured-blowfish branch February 7, 2024 19:16
Labels: backport, hashicorp-contributed-pr (If the PR is HashiCorp, i.e. not-community, contributed), ui