s4:dsdb: Let requests with the AS_SYSTEM control reset an account’s password

s4:dsdb: Let requests with the AS_SYSTEM control reset an account’s password

dsdb_have_system_access() takes into account the AS_SYSTEM control as
well as the result of dsdb_module_am_system().

This change means that we can reset the password of an account without
being SYSTEM by means of the AS_SYSTEM control. This is essential for
ldapsrv_SearchRequest() to be able to process the automatic password
changes of Group Managed Service Accounts.

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>