release-21.2: server: VIEWACTIVITY role gates unredacted nodes info

[dhartunian]

Backport 1/1 commits from #78045.

/cc @cockroachdb/release

Release justification: high-priority need from customer that keeps existing functionality and adds ability to use the additional SQL role

---

Previously, the Nodes and NodesUI endpoints were gated behind the
Admin role. For the former endpoint requests would fail if the user
didn't have the Admin role, and for the latter, we'd show partially
redacted information that omitted hostnames and IP addresses.

This was deemed problematic for customers who did not want to set the
Admin role just to grant a user the ability to view detailed node
information about the cluster.

This PR changes the role gate for the endpoints above to use the
VIEWACTIVITY role option. Users with the option will be able to access
the Nodes endpoint and see unredacted nodes information at the
NodesUI endpoint used by the DB Console.

As a result, the nodes overview page as well as the node reports page
will now show unredacted information to users with VIEWACTIVITY.
(Existing functionality for Admins us also retained as those users
implicitly have the VIEWACTIVITY role.)

Resolves #77665

Release note (ui change, security update, api change): The
_status/nodes endpoint is avaible to all users with the
VIEWACTIVITY role option, not just Admins. In the DB Console, the
Nodes Overview and Node Reports pages will now display unredacted
information containing node hostnames and IP addresses for all users
with the VIEWACTIVITY role option. Previously this was also gated for
Admins only.

[cockroach-teamcity]

This change is 

[blathers-crl]

Thanks for opening a backport.

Please check the backport criteria before merging:

• Patches should only be created for serious issues or test-only changes.
• Patches should not break backwards-compatibility.
• Patches should change as little code as possible.
• Patches should not change on-disk formats or node communication protocols.
• Patches should not add new functionality.
• Patches must not add, edit, or otherwise modify cluster versions; or add version gates.

If some of the basic criteria cannot be satisfied, ensure that the exceptional criteria are satisfied within.

• There is a high priority need for the functionality that cannot wait until the next release and is difficult to address in another way.
• The new functionality is additive-only and only runs for clusters which have specifically “opted in” to it (e.g. by a cluster setting).
• New code is protected by a conditional check that is trivial to verify and ensures that it only runs for opt-in clusters.
• The PM and TL on the team that owns the changed code have signed off that the change obeys the above rules.

Add a brief release justification to the body of your PR to justify this backport.

Some other things to consider:

• What did we do to ensure that a user that doesn’t know & care about this backport, has no idea that it happened?
• Will this work in a cluster of mixed patch versions? Did we test that?
• If a user upgrades a patch version, uses this feature, and then downgrades, what happens?

[matthewtodd]

Reviewed 3 of 3 files at r1, all commit messages.
Reviewable status: complete! 1 of 0 LGTMs obtained (waiting on @rafiss)

[abarganier]

Reviewable status: complete! 2 of 0 LGTMs obtained (waiting on @rafiss)