Spike - RBAC AuthZ - review content tagging legacy permissions

[rodmgwgu]

Related PR and discussion: #38173

The has_view_object_tags_access method in openedx/core/djangoapps/content_tagging/auth.py is used for validating permissions on tag exporting for courses.

However, this method not only takes into account permissions for courses, but also for other kind of objects.

As part of the AuthZ for Course Authoring project, a new check for authz permissions on courses was added, however the legacy permission check was kept as a fallback for non-course objects.

We should revisit this to fully understand this method use cases and identify next steps.