fix(user): auth option while listing user metadata (#10968)

# Which Problems Are Solved

A user from `org A` with `ORG_USER_MANAGER` role in `org B` is unable to
list user metadata for a user in `org B`.

# How the Problems Are Solved

The `auth.option` is set to a specific permission (`user.read`) in the
API definition of `ListUserMetadata`, which causes the interceptors to
check for this specific permission. In this case, there is no specific
check for org membership of a user (from org A) in a target organization
(org B), and hence the call fails even though the user has the necessary
permissions.

This has been fixed by setting the `auth.option` to `authenticated`, and
the necessary [permission checks are handled in the
query-layer](https://github.com/zitadel/zitadel/blob/main/internal/query/user_metadata.go#L173).

# Additional Changes
N/A

# Additional Context
- Closes #10925

---------

Co-authored-by: Marco A. <marco@zitadel.com>
(cherry picked from commit 196eaa84d2)
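The difference the commit message describes, between an interceptor that checks a fixed permission in the caller's own org context and a query-layer check that is scoped to the target user's owning org, can be shown with a small model. The Go below is an added example, not Zitadel's code: the types `Authz`, `Membership`, `Directory` and `Request`, the role-to-permission table and the user/org data are all constructed assumptions, and the two check functions only mimic the two `auth_option` styles rather than calling any real interceptor.

```go
package main

import (
	"errors"
	"fmt"
)

// Assumed, simplified model of the two authorization styles the commit
// message contrasts. All names here are hypothetical, not Zitadel's own.

// ErrPermissionDenied is returned when the caller lacks the required permission.
var ErrPermissionDenied = errors.New("permission denied")

// Membership records the roles a user holds inside one organization.
type Membership struct {
	OrgID string
	Roles []string
}

// Authz maps roles to permissions and users to their org memberships.
type Authz struct {
	RolePerms   map[string][]string     // role -> permissions
	Memberships map[string][]Membership // user ID -> memberships
}

// Directory maps a user ID to the organization that owns that user.
type Directory map[string]string

// Request is what an API call carries: who calls, which org the caller's
// session is scoped to, and which user's metadata is requested.
type Request struct {
	CallerID     string
	CallerOrg    string
	TargetUserID string
}

// HasPermissionInOrg reports whether userID holds permission in orgID via any role.
func (a *Authz) HasPermissionInOrg(userID, permission, orgID string) bool {
	for _, m := range a.Memberships[userID] {
		if m.OrgID != orgID {
			continue
		}
		for _, role := range m.Roles {
			for _, p := range a.RolePerms[role] {
				if p == permission {
					return true
				}
			}
		}
	}
	return false
}

// InterceptorCheck models auth_option{permission: "user.read"}: the permission
// is evaluated in the caller's own org context, before the target user is
// known, so a membership the caller holds in another org is invisible here.
func InterceptorCheck(a *Authz, req Request) error {
	if !a.HasPermissionInOrg(req.CallerID, "user.read", req.CallerOrg) {
		return ErrPermissionDenied
	}
	return nil
}

// QueryLayerCheck models auth_option{permission: "authenticated"} followed by a
// resource-scoped check: the interceptor only requires a caller, and the query
// resolves the target user's owning org and checks the permission there.
func QueryLayerCheck(a *Authz, dir Directory, req Request) error {
	if req.CallerID == "" {
		return errors.New("unauthenticated")
	}
	owner, ok := dir[req.TargetUserID]
	if !ok {
		// This example's choice: an unknown target gets the same error as a
		// permission failure, so callers cannot probe which user IDs exist.
		return ErrPermissionDenied
	}
	if !a.HasPermissionInOrg(req.CallerID, "user.read", owner) {
		return ErrPermissionDenied
	}
	return nil
}

// NewSample builds the constructed scenario from the commit message: alice is
// a member of org A but holds ORG_USER_MANAGER in org B; bob is owned by org B;
// carol is in org A only. Role names other than ORG_USER_MANAGER are made up.
func NewSample() (*Authz, Directory) {
	a := &Authz{
		RolePerms: map[string][]string{
			"ORG_USER_MANAGER": {"user.read", "user.write"},
			"ORG_MEMBER":       {"org.read"},
		},
		Memberships: map[string][]Membership{
			"alice": {{OrgID: "orgA", Roles: []string{"ORG_MEMBER"}},
				{OrgID: "orgB", Roles: []string{"ORG_USER_MANAGER"}}},
			"carol": {{OrgID: "orgA", Roles: []string{"ORG_MEMBER"}}},
		},
	}
	return a, Directory{"bob": "orgB"}
}

func main() {
	a, dir := NewSample()
	req := Request{CallerID: "alice", CallerOrg: "orgA", TargetUserID: "bob"}
	fmt.Println("interceptor-only:", InterceptorCheck(a, req)) // permission denied
	fmt.Println("query-layer:", QueryLayerCheck(a, dir, req))  // <nil>
}
```

The query-layer variant is the one that passes for alice, but note what it relies on: once the interceptor only requires `authenticated`, the per-resource check is the sole gate, so a caller with no membership in the owning org (carol) and an unauthenticated caller must both still be rejected there.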
Gayathri Vijayan
2025-10-28 12:24:50 +01:00
committed by Livio Spring
parent c164ba80dd
commit ad9cc03d57
2 changed files with 152 additions and 17 deletions

@@ -1907,7 +1907,7 @@ service UserService {
};
option (zitadel.protoc_gen_zitadel.v2.options) = {auth_option: {
permission: "user.read"
permission: "authenticated"
}
};
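Review bot: with `permission: "user.read"` replaced by `permission: "authenticated"`, the interceptor no longer enforces any permission for `ListUserMetadata`, so the only remaining gate is the query-layer check the commit message points to in `internal/query/user_metadata.go`; that check is not part of this hunk and the second changed file is not shown here, so it should be verified that every path into the metadata query runs it, and a test asserting that an authenticated caller with neither `user.read` nor a membership in the target user's org receives a permission-denied response would pin that behaviour down. A one-line comment beside the option stating that authorization for this RPC is enforced in the query layer would also stop the proto from reading as an unprotected endpoint.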