
fix(admin): custom admin permission class#3360

Merged
rtibbles merged 5 commits into learningequality:unstable from vkWeb:fix/admin-access
Apr 12, 2022

Conversation


@vkWeb vkWeb commented Apr 7, 2022

Summary

When admins were added, on our backend we were setting is_admin=True, but DRF checks against is_staff, so this PR implements a custom IsAdminUser DRF permission class to fix the issue.

Manual verification steps performed

  1. Log in as admin user a@a.com on studio from the unstable branch.
  2. Add user@b.com or any other user as an admin.
  3. Log out and log in as user@b.com.
  4. Open Administration: http://localhost:8080/en/administration. Open the Network tab in the dev console; you'll see 403 errors.
  5. Now, on switching to this PR's branch, the above issue is fixed. The Administration view is fully functional.

Reviewer guidance

Now when we add admins do they get expected access?

References

Closes #3348.

Contributor's Checklist

PR process:

  • If this is an important user-facing change, PR or related issue, the CHANGELOG label has been added to this PR. Note: items with this label will be added to the CHANGELOG at a later time
  • If this includes an internal dependency change, a link to the diff is provided
  • The docs label has been added if this introduces a change that needs to be updated in the user docs
  • If any Python requirements have changed, the updated requirements.txt files are also included in this PR
  • Opportunities for using Google Analytics here are noted
  • Migrations are safe for a large db

Studio-specific:

  • All user-facing strings are translated properly
  • The notranslate class has been added to elements that shouldn't be translated by Google Chrome's automatic translation feature (e.g. icons, user-generated text)
  • All UI components are LTR and RTL compliant
  • Views are organized into pages, components, and layouts directories as described in the docs
  • Users' storage used is recalculated properly on any changes to main tree files
  • If there are new ways this uses user data that need to be factored into our Privacy Policy, it has been noted.

Testing:

  • Code is clean and well-commented
  • Contributor has fully tested the PR manually
  • If there are any front-end changes, before/after screenshots are included
  • Critical user journeys are covered by Gherkin stories
  • Any new interactions have been added to the QA Sheet
  • Critical and brittle code paths are covered by unit tests

Reviewer's Checklist

This section is for reviewers to fill out.

  • Automated test coverage is satisfactory
  • PR is fully functional
  • PR has been tested for accessibility regressions
  • External dependency files were updated if necessary (yarn and pip)
  • Documentation is updated
  • Contributor is in AUTHORS.md
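The mismatch the PR describes, shown as an added example rather than the PR's own code: DRF's stock IsAdminUser grants access on the Django is_staff flag, so a user who was only given is_admin=True is rejected with a 403; a custom permission class that checks is_admin (and returns False explicitly for unauthenticated requests) fixes that. The FakeUser and FakeRequest stand-ins and the fallback BasePermission are constructed for this example so it runs without Django or DRF installed; the real classes would be used in Studio.

```python
# Added example (not the PR's code): contrast DRF's built-in IsAdminUser,
# which checks is_staff, with a custom admin permission that checks is_admin.
from dataclasses import dataclass
from typing import Optional

try:
    # Use the real DRF base class when rest_framework is installed.
    from rest_framework.permissions import BasePermission
except ImportError:
    class BasePermission:
        """Constructed stand-in exposing the has_permission hook DRF calls."""

        def has_permission(self, request, view):
            return True


class StockIsAdminUser(BasePermission):
    """Mirror of DRF's built-in IsAdminUser: it only looks at is_staff."""

    def has_permission(self, request, view):
        return bool(request.user and request.user.is_staff)


class IsAdminUser(BasePermission):
    """Custom permission: allow only authenticated users flagged is_admin."""

    def has_permission(self, request, view):
        user = request.user
        # Anonymous requests (no user, or an unauthenticated one) are refused
        # with an explicit early return rather than falling through to None.
        if user is None or not user.is_authenticated:
            return False
        return bool(user.is_admin)


@dataclass
class FakeUser:
    """Constructed user stand-in carrying the three flags that matter here."""
    is_authenticated: bool = True
    is_staff: bool = False
    is_admin: bool = False


@dataclass
class FakeRequest:
    """Constructed request stand-in; DRF reads request.user."""
    user: Optional[FakeUser]


def check(permission_cls, user: Optional[FakeUser]) -> bool:
    """Run a permission class against a request carrying the given user."""
    return permission_cls().has_permission(FakeRequest(user), view=None)


if __name__ == "__main__":
    admin_only = FakeUser(is_admin=True)
    print("stock IsAdminUser  :", check(StockIsAdminUser, admin_only))  # False -> 403
    print("custom IsAdminUser :", check(IsAdminUser, admin_only))       # True
```

Both classes plug into a view's permission_classes list the same way; the only difference is which user attribute decides the outcome, which is why the 403s disappear once the custom class is wired in.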

@rtibbles rtibbles left a comment


Can return early here - could in theory just pass and make no return as None is falsy, but the explicitness feels neater.

vkWeb and others added 3 commits on April 8, 2022 at 03:47
Co-authored-by: Richard Tibbles <richard@learningequality.org>
Co-authored-by: Richard Tibbles <richard@learningequality.org>

vkWeb commented Apr 7, 2022

@rtibbles feedback addressed. Right now, I'm on my Windows (playing games), so did the changes from GitHub's UI.

@rtibbles rtibbles merged commit ecb82b9 into learningequality:unstable Apr 12, 2022

Development

Successfully merging this pull request may close these issues.

Studio Administration interface does not properly grant admin privileges
