Test permission escalation scenarios

[slaskawi]

Describe the solution you'd like

We should check if it is possible to escalate permissions in the following scenario:

1. Create a user with full permissions within a workspace
2. Check if such a user can delegate permissions further by creating a Service Account and granting wider permissions to it.

Expected behavior is that users should be able to create roles, which are a subset of their own roles. They should not be allowed to create a superset.

cc @s-urbaniak @sttts