Limit displayed models in audit logging based on permissions

Open th3hamm0r opened this issue 2 years ago • 1 comments

Is your proposal related to a problem?

Currently, a user who, for example, is only allowed to edit pages (like users of the default editor group) still sees every logged change of any model in the audit log, e.g. changed site settings or changed users (if a superuser has changed them, for example), which he actually can't see/edit; therefore he often would not know of their existence, which is bad... The user cannot view the underlying objects, because if the view permission is missing, there is no link, so that's good! But I think he should not see any log entries of models for which he doesn't have at least the view permission.

Describe the solution you'd like

Basically, the querysets used for the filters and the listings should only use the content types that can at least be viewed by the user.

On a first quick look I think it probably requires changes to the filter here (probably by adding/changing the API to contain a user to be used to filter get_content_type_ids()): https://github.com/wagtail/wagtail/blob/519caf25e9d088adb436cff66d4a82e5a35cbeed/wagtail/admin/views/reports/audit_logging.py#L34-L37

and changes to the listing's queryset (probably by changing viewable_by_user()): https://github.com/wagtail/wagtail/blob/519caf25e9d088adb436cff66d4a82e5a35cbeed/wagtail/admin/views/reports/audit_logging.py#L147-L156

If you are ok with my proposal, I could, maybe with some guidance, try to implement a PR for that.

th3hamm0r avatar Sep 12 '22 11:09 th3hamm0r
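
An added illustration of the filtering proposed in this issue, not code from the issue or from Wagtail: a framework-free Python model in which the filter choices and the listing are both derived from one permission-checked set of content types. The class and function names, the sample models and the rule that "change" implies "view" are assumptions, and Wagtail's page-tree permissions are not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LogEntry:
    content_type: tuple  # (app_label, model), stands in for a Django ContentType
    action: str
    label: str

@dataclass(frozen=True)
class User:
    permissions: frozenset = frozenset()  # Django-style "app_label.codename" strings
    is_superuser: bool = False

    def has_perm(self, perm):
        return self.is_superuser or perm in self.permissions

def can_view(user, content_type, actions=("view", "change")):
    # Assumption: as in the Django admin, "change" is treated as implying "view".
    app_label, model = content_type
    return any(user.has_perm(f"{app_label}.{a}_{model}") for a in actions)

def viewable_content_types(user, entries):
    # Single source of truth, so the filter and the listing cannot disagree.
    return {e.content_type for e in entries if can_view(user, e.content_type)}

def filter_choices(user, entries):
    # Content types offered in the report's filter dropdown.
    return sorted(viewable_content_types(user, entries))

def listing(user, entries):
    # Rows shown in the report; entries for non-viewable models are dropped,
    # not just unlinked, so their existence is not disclosed.
    allowed = viewable_content_types(user, entries)
    return [e for e in entries if e.content_type in allowed]

# Constructed sample data (hypothetical apps, models and labels).
LOG = [
    LogEntry(("blog", "article"), "wagtail.edit", "Welcome post"),
    LogEntry(("auth", "user"), "wagtail.edit", "alice"),
    LogEntry(("settings", "sitesettings"), "wagtail.edit", "Site settings"),
]
EDITOR = User(frozenset({"blog.view_article"}))
SUPERUSER = User(is_superuser=True)

if __name__ == "__main__":
    print(filter_choices(EDITOR, LOG))
    print([e.label for e in listing(EDITOR, LOG)])
    print(len(listing(SUPERUSER, LOG)))
```
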

reopening as #11020 is only a partial fix

gasman avatar Oct 19 '23 12:10 gasman