security: make domain_login_only+enable_strict_* mode work (#14557)

Make `domain_login_only`+`enable_strict_acl_check`+`enable_strict_user_management` work.

- grpc-proxy: fix bug that require admin to have explicit `ydb.database.connect` permission on a database to be able to work with it (while original intention was that admins should bypass database connect check)
- ticket-parser: allow users from the root database to authenticate in a tenant database
- allow cluster admin to set the owner of a database (e.g. database admin) at the root schemeshard, without checking target sid for existence, effectively bypassing `enable_strict_acl_check` restriction in that particular case

0 files changed, 0 insertions, 0 deletions