Problem/Motivation
ECA comes with 2 different ways to switch the user account in order to escalate privileges: either use the User: switch current account somewhere with ECA models or configure ECA such that it always executes models under a specific user account.
The latter turns out to be a terrible idea because it renders all permission based decisions unusable.
Using the switch user account action has downsides when model should be used on various Drupal installations because you either have to use the user 1 with all privileges or, for security reasons, another highly privileged user. The former might be insecure, the latter requires the same user ID to be present on all Drupal sites where such models get used.
Proposed resolution
To resolve this, let's add another configuration to the ECA settings: Service user account. On each site, a specific user account can be selected. This user can get sufficient privileges, and you can also make sure that nobody knows the password so that no one ever logs into that account for interactive usage. Another benefit will then be, that log messages will be recorded with that ECA service user, which makes it easy to identify if something important happened.
We then also need a new action plugin that lets models switch to the service user.
This action plugin does exactly the same as the existing switch user action but won't be configurable on a per action basis, but on a per site basis. If the site doesn't have any service user defined, this new action will just void, and do nothing.
