Nudge admin mode when creating a custom admin role

Fix proposal

We will show warning for admins to enable admin mode in case they are creating admin role.

This is frontend-only issue

Final solution

#556110 (closed) - probably will be released in %18.4

Description from security audit

Make Admin Mode a requirement for users with these custom admin permissions. These permissions increase the attack surface for the admin pages as new users can now access those pages. So, if such user accounts get compromised, through an XSS attack vector, their session gets stolen etc. an attacker would now get access to the admin pages, even if it is read only access to specific pages. To mitigate this threat, we must require Admin Mode on users who have any of these custom admin permissions.

Edited by Jarka Košanová