Correct os-availability-zone policy check_str

The os-availability-zone API policy defaults to admin_or_owner[1],
but the API is allowed for everyone.

This is because the API does not pass the project_id in the policy
target, so oslo.policy cannot decide the ownership[2]. If no
target is passed, then policy.py adds the default targets, which
are nothing but context.project_id (allowing everyone who tries to access)
- c16315165c/nova/policy.py (L191)

AZ is a user-facing thing, so any user can list the AZs and use
them for creating a server. The code is behaving as expected, but the policy
rule check_str is confusing, so let's correct it to base.RULE_ANY.

[1] c16315165c/nova/policies/attach_interfaces.py (L28)
[2] 1fcd74730d/nova/api/openstack/compute/availability_zone.py (L111)
[3] c16315165c/nova/policy.py (L191)

Closes-bug: #1862484

Change-Id: If599a984a33081a93514b1a2ea02c0d5b850da8e
Ghanshyam Mann
2020-02-08 17:45:12 -06:00
parent d1a933bfa7
commit b8c2de86ed
2 changed files with 2 additions and 2 deletions


@@ -24,7 +24,7 @@ POLICY_ROOT = 'os_compute_api:os-availability-zone:%s'
availability_zone_policies = [
policy.DocumentedRuleDefault(
POLICY_ROOT % 'list',
base.RULE_ADMIN_OR_OWNER,
base.RULE_ANY,
"List availability zone information without host information",
[
{
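Review bot: Changing the default check_str for `POLICY_ROOT % 'list'` from `base.RULE_ADMIN_OR_OWNER` to `base.RULE_ANY` is an operator-visible change to a documented policy default, even though the commit message explains that the effective behaviour does not change (no project_id was ever in the target, so the owner check always passed); the commit header reports two changed files but only this hunk is shown, so confirm the second file covers the policy unit test for this rule and consider adding a release note so operators who generate or audit policy defaults understand that the new check_str documents existing behaviour rather than loosening it. Separately, reference [1] in the commit message points at nova/policies/attach_interfaces.py while the hunk's POLICY_ROOT is `os_compute_api:os-availability-zone:%s`, so the link appears to cite the wrong policy file.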