Fixed members/signin_urls endpoint to take admin api key

[cathysarisky]

closes #16748

The members/:member_id/signin_urls endpoint currently only does cookie-based authentication. When #21249 is merged, turning on 2FA is going to break any 3rd party processes that use it (including my social sign-in offering).

This patch gives admin API keys 'read' permission on this endpoint, and enables 3rd party processes to handle user logins the right way, instead of via a staff member's email/password.

Migration included. Feedback appreciated.

I have the wrong name on my migration. I can see it doesn't follow the naming convention, but I'm not sure how the names are generated.

[github-actions]

It looks like this PR contains a migration 👀
Here's the checklist for reviewing migrations:

General requirements

• Satisfies idempotency requirement (both up() and down())
• Does not reference models
• Filename is in the correct format (and correctly ordered)
• Targets the next minor version
• All code paths have appropriate log messages
• Uses the correct utils
• Contains a minimal changeset
• Does not mix DDL/DML operations
• Tested in MySQL and SQLite

Schema changes

• Both schema change and related migration have been implemented
• For index changes: has been performance tested for large tables
• For new tables/columns: fields use the appropriate predefined field lengths
• For new tables/columns: field names follow the appropriate conventions
• Does not drop a non-alpha table outside of a major version

Data changes

• Mass updates/inserts are batched appropriately
• Does not loop over large tables/datasets
• Defends against missing or invalid data
• For settings updates: follows the appropriate guidelines

[9larsons]

Just the one comment. Tested this locally and looks good!

[9larsons]

LGTM. I've asked @mike182uk to also take a pass just because of the migration.