`is_user_admin` Module API returns wrong result when the experimental MSC3861 implementation is enabled

[anoadragon453]

When the experimental MSC3861 implementation is enabled through the experimental_features.msc3891 option, user authentication is delegated to an external auth provider.

The is_user_admin module API method is used by Synapse modules to determine whether the user making a request is a Synapse Admin or not. Currently, this method only checks the local DB to see if a user is an admin:

synapse/synapse/module_api/__init__.py

Lines 641 to 652 in 568051c

	async def is_user_admin(self, user_id: str) -> bool:
	"""Checks if a user is a server admin.
	Added in Synapse v1.39.0.
	Args:
	user_id: The Matrix ID of the user to check.
	Returns:
	True if the user is a server admin, False otherwise.
	"""
	return await self._store.is_server_admin(UserID.from_string(user_id))

If MSC3861 support is enabled, users who are admins will have their requests rejected by Synapse modules which use this method to gate access to endpoints.

Experimental MSC3861 support was implemented in Synapse in matrix-org/synapse#15582.