Merge branch 'restricted-moderators' into 'develop'

AdminAPI: Optionally restrict moderators from accessing sensitive data

See merge request pleroma/pleroma!3578

config/config.exs

@@ -257,7 +257,8 @@ config :pleroma, :instance,
   ],
   show_reactions: true,
   password_reset_token_validity: 60 * 60 * 24,
-  profile_directory: true
+  profile_directory: true,
+  privileged_staff: false
 
 config :pleroma, :welcome,
   direct_message: [

config/description.exs

@@ -941,6 +941,12 @@ config :pleroma, :config_description, [
         key: :profile_directory,
         type: :boolean,
         description: "Enable profile directory."
+      },
+      %{
+        key: :privileged_staff,
+        type: :boolean,
+        description:
+          "Let moderators access sensitive data (e.g. updating user credentials, get password reset token, delete users, index and read private statuses and chats)"
       }
     ]
   },