- Issue created by @kristiaanvandeneynde
- 🇫🇷 France andypost
It could be added to the existing security help topic (core/modules/help/help_topics/core.security.html.twig)
- 🇺🇸 United States ChaseOnTheWeb USA
Is it desired to support the use case of a Drupal site without an administrator user? Here is an Option 3: Prohibit the last administrator user from being deleted or de-roled. Or, alternatively, add a prominent warning in the UI when the user attempts to do so.
- 🇬🇧 United Kingdom longwave UK
A simpler version of option 1 is to add something to settings.php along the lines of update_free_access but that automatically assigns the Administrator role to a specified user ID, even if that role has been removed in the database?
- 🇧🇪 Belgium kristiaanvandeneynde Antwerp, Belgium
Re #4: it doesn't have to be mutually exclusive. While we technically could babysit users via the UI, we also have to make sure we still have a recovery tool for when someone inevitably breaks their site through code or DB manipulations. This issue is about that recovery mechanism; we could discuss prevention and awareness in another issue.
I like the suggestion in #5 as it's quite simple to implement. Every request or login we check for a flag and if set, we check if the user is still an admin and recover their admin role if not. However, it leaves a lot to be answered:
- Do we choose the admin role name and machine name for them if it's gone? Or do we ask them to specify?
- What if they specify a machine name that's already taken, but not an admin role? Do we throw an exception?
Perhaps we need a few settings:
// Set to a user ID to recover the admin role for said user upon login.
$settings['recover_admin_role_for_user'] = FALSE;
// If the administrator role was deleted, it will be recreated with this name and label.
// Throws an exception if the machine name is already taken but the role is not an admin role.
// Only takes effect while $settings['recover_admin_role_for_user'] is not FALSE.
$settings['recover_admin_role_machine_name'] = 'administrator';
$settings['recover_admin_role_label'] = 'Administrator';
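
The login-time check described in the comment above, written as a hook_user_login() implementation. This is an added example, not code from the issue or from Drupal core: the module name admin_recovery is hypothetical, and the three $settings keys are the ones proposed above, which core does not read.

```php
<?php
// admin_recovery.module (hypothetical module name). The three settings keys
// are the ones proposed in the comment above; they do not exist in core.

use Drupal\Core\Site\Settings;
use Drupal\user\Entity\Role;
use Drupal\user\UserInterface;

/**
 * Implements hook_user_login().
 */
function admin_recovery_user_login(UserInterface $account) {
  $uid = Settings::get('recover_admin_role_for_user', FALSE);
  // Recovery is off unless settings.php names exactly this account.
  if ($uid === FALSE || (int) $account->id() !== (int) $uid) {
    return;
  }
  // Nothing to do if the account still holds any role flagged as admin.
  foreach (Role::loadMultiple($account->getRoles(TRUE)) as $held) {
    if ($held->isAdmin()) {
      return;
    }
  }
  $rid = Settings::get('recover_admin_role_machine_name', 'administrator');
  $role = Role::load($rid);
  if ($role && !$role->isAdmin()) {
    // Machine name is taken by an ordinary role: refuse to escalate it.
    throw new \RuntimeException("Role '$rid' exists but is not an admin role.");
  }
  if (!$role) {
    // The admin role was deleted: recreate it with the configured label.
    $role = Role::create([
      'id' => $rid,
      'label' => Settings::get('recover_admin_role_label', 'Administrator'),
    ]);
    $role->setIsAdmin(TRUE);
    $role->save();
  }
  $account->addRole($rid);
  $account->save();
  // Leave an audit trail so the grant is visible in the site log.
  \Drupal::logger('admin_recovery')->warning(
    'Admin role @rid restored for user @uid via settings.php.',
    ['@rid' => $rid, '@uid' => $account->id()]
  );
}
```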