AO3-6218 Allow certain admins to access all collection and challenge pages usually reserved for owners

[not-varram]

Pull Request Checklist

• Have you read "How to write the perfect pull request"?
• Have you read the contributing guidelines?
• Have you added tests for any changed functionality?
• Have you added the Jira issue number
  as the first thing in your pull request title (e.g. AO3-1234 Fix thing)
• Do you have fewer than 5 pull requests already open? If not, please wait
  until they are reviewed and merged before creating new pull requests.

Issue

https://otwarchive.atlassian.net/browse/AO3-6218

Additional Notes

Failed on QA. Made necessary changes as per comments on jira.

Purpose

Allow admins with support, policy_and_abuse, or superadmin roles to access owner/maintainer collection and challenge pages for viewing/troubleshooting, without granting write permissions.

Implemented via shared controller helpers and action-level filter changes so read routes are opened for those roles while create/update/destroy paths remain owner/maintainer-only.

Testing Instructions

Automated coverage was added/updated for the affected controllers to verify:

• allowed admin roles can access read pages
• other admin roles cannot
• privileged admins still cannot perform protected updates

(Functional QA flow is already documented in the Jira ticket.)

Credit

varram (he/him)