
CheckLimits validation incorrectly enforces Account and Domain limits when Project ID is specified #476

@chadswen

/kind bug

What steps did you take and what happened:
When deploying a cluster within a CloudStack Project, the CAPC controller enforces Account and Domain resource limits, which should be ignored if a project is configured.

In CloudStack, resources owned by a project count only against the Project and Domain quotas, completely bypassing the individual Account quota. In many "Project-first" organizations, user account limits are intentionally set to 0 to force all resource consumption into shared projects.

Currently, CAPC fails to reconcile instances within CheckAccountLimits for "Project-first" configurations, even when the target Project has ample available quota, because it detects the user's personal Account limit is 0.

Additionally, the listDomains API is commonly restricted in these organizations, which can cause CheckDomainLimits to fail for Project users as well.

What did you expect to happen:

  • The controller should allow creation of Project scoped resources when the Project limits have adequate quota available, regardless of the account and domain limits.
  • Project scoped resource creation should not require privileged permissions to check limits against the domain APIs, as "Project-only" users commonly do not have permissions for Domain admin scoped APIs in hardened environments.

Environment:

  • Cluster-api-provider-cloudstack version: v0.6.1
  • Kubernetes version: (use kubectl version): v1.35.0
  • OS (e.g. from /etc/os-release): Debian 12 bookworm
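
The expected behaviour requested above, sketched as an added example (not code from the issue or from CAPC): the quota scope is chosen from the target owner, so a project deployment never consults the account limit or calls a domain-admin API. All type and function names are hypothetical, the sample tenant is constructed, and treating a negative maximum as unlimited is an assumption.

```go
package main

import ("errors"; "fmt")

// Hypothetical types for illustration, not CAPC's own.
// Max < 0 is treated as "unlimited" (assumption).
type Usage struct{ Max, Total int64 }

type LimitSource interface {
	AccountUsage() (Usage, error)
	DomainUsage() (Usage, error) // may require domain-admin scoped APIs
	ProjectUsage(projectID string) (Usage, error)
}

func check(scope string, u Usage, err error, need int64) error {
	if err != nil {
		return fmt.Errorf("%s limits: %w", scope, err)
	}
	if u.Max >= 0 && u.Total+need > u.Max {
		return fmt.Errorf("%s quota exceeded: %d used + %d > %d", scope, u.Total, need, u.Max)
	}
	return nil
}

// CheckInstanceLimits consults only the project quota when projectID is set;
// account and domain lookups run only for account-owned resources.
func CheckInstanceLimits(src LimitSource, projectID string, need int64) error {
	if projectID != "" {
		u, err := src.ProjectUsage(projectID)
		return check("project "+projectID, u, err, need)
	}
	u, err := src.AccountUsage()
	if e := check("account", u, err, need); e != nil {
		return e
	}
	u, err = src.DomainUsage()
	return check("domain", u, err, need)
}

// fakeCloud is constructed sample data for a "Project-first" tenant:
// account limit 0, domain lookup denied, project with spare quota.
type fakeCloud struct{}

func (fakeCloud) AccountUsage() (Usage, error) { return Usage{Max: 0}, nil }
func (fakeCloud) DomainUsage() (Usage, error) { return Usage{}, errors.New("listDomains: permission denied") }
func (fakeCloud) ProjectUsage(string) (Usage, error) { return Usage{Max: 20, Total: 3}, nil }

func main() {
	fmt.Println("project:", CheckInstanceLimits(fakeCloud{}, "proj-1", 1))
	fmt.Println("account:", CheckInstanceLimits(fakeCloud{}, "", 1))
}
```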
