connect.8x8.com: admin user can send invites on behalf of another admin user via POST /api/v1/users/<User ID>/invites
High
8
8x8 Bounty
Team Summary
Official summary from 8x8 Bounty
@emperor reported to us a vulnerability allowing admin users to send invites on behalf of another admin. The same behaviour was later utilised to invite admins under the `User Management` role (which should have been restricted). Our team put additional Access Control checks in place, which resolved the issue.
Reported by: emperor
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted
Weakness: Improper Access Control - Generic
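
The two access control checks implied by the team summary, as an added example that is not 8x8's code: the `<User ID>` path segment is bound to the authenticated caller, and the caller's role limits which roles it may invite. The role names, the `INVITABLE` policy, the `Session` type, the request body fields and the status codes are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical role identifiers; the page names only the `User Management` role.
ADMIN = "admin"
USER_MANAGEMENT = "user_management"
MEMBER = "member"

# Assumed policy: which roles each caller role may grant through an invite.
INVITABLE = {
    ADMIN: {ADMIN, USER_MANAGEMENT, MEMBER},
    USER_MANAGEMENT: {MEMBER},  # must not be able to invite admins
}


@dataclass(frozen=True)
class Session:
    user_id: str  # identity from the authenticated session, never from the URL
    role: str


def authorize_invite(session, path_user_id, invited_role):
    """Return (allowed, reason) for POST /api/v1/users/<path_user_id>/invites."""
    # Check 1: the <User ID> in the path must be the caller's own ID, so one
    # admin cannot send an invite on behalf of another admin.
    if path_user_id != session.user_id:
        return False, "path user id does not match authenticated user"
    # Check 2: the caller's role must be allowed to grant the invited role.
    # Unknown caller roles get an empty set, so the default is deny.
    if invited_role not in INVITABLE.get(session.role, set()):
        return False, "caller role may not invite this role"
    return True, "ok"


def handle_invite(session, path_user_id, body):
    """Hypothetical handler: authorize first, then validate, then create."""
    allowed, reason = authorize_invite(session, path_user_id, body.get("role", ""))
    if not allowed:
        return 403, {"error": reason}
    if not body.get("email"):
        return 400, {"error": "email is required"}
    # The inviter is recorded from the session, not from the path or the body.
    return 201, {"invited_by": session.user_id,
                 "email": body["email"], "role": body["role"]}
```
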