ci: allow service role CI account usage to have elevated access

When I thought change I2b4bcc748b6e43e4215dc45137becce301349032
was going to fix everything, that was with the mental model that
it was going to be enabled by default. That didn't happen in
review as part of the service, but the reality is we still have
some adjacent CI jobs which need it to operate properly.

Given CI, it is just invoked when scope enforcement is enabled
for CI purposes

Change-Id: I60074504742d8b09017acbb42d2706215b0169af

devstack/lib/ironic

@@ -1535,8 +1535,13 @@ function configure_ironic {
     if [[ "$IRONIC_ENFORCE_SCOPE" == "False" ]]; then
         iniset $IRONIC_CONF_FILE oslo_policy enforce_scope false
         iniset $IRONIC_CONF_FILE oslo_policy enforce_new_defaults false
+    else
+        # NOTE(TheJulia): In devstack, services by default get service role
+        # accounts in a service project. Under normal circumstances, they
+        # need to be able to have elevated access if not explicitly
+        # configured for a system scoped account.
+        iniset $IRONIC_CONF_FILE DEFAULT rbac_service_role_elevated_access true
     fi
-
     # Set fast track options
     iniset $IRONIC_CONF_FILE deploy fast_track $IRONIC_DEPLOY_FAST_TRACK