MDL-67748 admin: Improve get_missing_capabilities_by_users()
The previous implementation falsely reported all implicit capabilities inherited from the authenticated user archetype. That caused a lot of capabilities reported as missing, even if they were correctly granted. This new implementation uses a different logic. Instead of seeking for explicitly assigned capabilities, it searches for capabilities that are not assigned to any of the user's role across the system. Please refer to the inline documentation. This should be still used for informative reports only, not for actual permissions evaluation. The context has been ignored here, as well as all the overrides etc. This patch just makes it a lesser evil.