[IMP] *: do not force admins to be app admins

For bugfix purposes, app administration groups have been given to
(implied by) the "Settings" group because without those rights,
opening/saving the settings crashed.

1) Do not load hidden view content

This commit uses the conditional inheritance of views
(depending on user groups) to avoid loading unnecessary view
& record content client-side.

This improves performance for admins without the specific application
admin rights, but also fixes the main bugfix problem,
caused by the webclient querying name_get for the records in relational
fields content.

Example:

sale_management adds a res.config.settings field to specify
the default sale.order.template for the current company.

If a 'Settings' user without 'sale.group_sale_manager' opens the
settings, he won't see this setting, but if a default template is
specified for the current company, the webclient will still request
the name_get of this template to the server, because the field
was present in the view, only hidden with a groups attribute.

With this commit change in sale, the field won't be in the view unless
you have the Sale manager group, avoiding the error/traceback/bug.

2) Remove implied application administration groups

Do not force the specific application groups on all 'Settings' user,
they globally do not need those rights, and if they need it, they
can add it to their account themselves.

3) Add a test to make sure settings user are able to manage settings.

4) Enforce 'settings' -> 'access rights' -> 'internal user' groups

As the previous test highlighted some 'false positives' because
it considered a settings user unable to read `crm.team`
and `stock.warehouse` records, we also took the opportunity to enforce
the fact that 'Settings' & 'Access rights' users must be internal users.

It makes no sense for a portal/public user to have access to the
settings, and didn't work anyway.

Part-of: odoo/odoo#91909