Previously we were able to detect in-vm calls as they did not have a Subject established on the AccessControlContext.

Switching to WildFly Elytron we are guaranteed to always have a SecurityIdentity as by default an anonymous one will always be created.

This task is to add an API for in-vm calls backed by security manager based permission checks to allow tasks to be executed "bypassing" access control. Our default implementation is role based so this bypass will work by assuming the SuperUser role.