extract virtual operation access check subroutine
Outside of virtual commands themselves there is no way to evaluate
access to perform a virtual operation. Such a capability will be
needed for Dogtag-based certificate request validation using
Kerberos proxy credentials.
Add the 'check_operation_access' method for explicit virtual
operation access checks. Refactor 'VirtualCommand.check_access()'
to use it.
Part of: https://pagure.io/freeipa/issue/5011
Part of: https://pagure.io/freeipa/issue/6423
Reviewed-By: Christian Heimes <cheimes@redhat.com>