Authenticate Runtime::Feature as admin

Uses an admin access token if one is provided (via
GITLAB_QA_ADMIN_ACCESS_TOKEN)

Otherwise it uses the admin username and password via Runtime::Env.
Those credentials fallback on the default username and password if
GITLAB_ADMIN_USERNAME and GITLAB_ADMIN_PASSWORD are not set, so it
checks if the user with those credentials has admin access, and raises
an exception if it doesn't.

qa/qa/resource/user.rb

@@ -17,6 +17,10 @@ module QA
         @unique_id = SecureRandom.hex(8)
       end
 
+      def admin?
+        api_resource&.dig(:is_admin) || false
+      end
+
       def username
         @username || "qa-user-#{unique_id}"
       end

qa/qa/runtime/feature.rb

@@ -7,6 +7,7 @@ module QA
       extend Support::Api
 
       SetFeatureError = Class.new(RuntimeError)
+      AuthorizationError = Class.new(RuntimeError)
 
       def enable(key)
         QA::Runtime::Logger.info("Enabling feature: #{key}")
@@ -26,7 +27,22 @@ module QA
       private
 
       def api_client
-        @api_client ||= Runtime::API::Client.new(:gitlab)
+        @api_client ||= begin
+          if Runtime::Env.admin_personal_access_token
+            Runtime::API::Client.new(:gitlab, personal_access_token: Runtime::Env.admin_personal_access_token)
+          else
+            user = Resource::User.fabricate_via_api! do |user|
+              user.username = Runtime::User.admin_username
+              user.password = Runtime::User.admin_password
+            end
+
+            unless user.admin?
+              raise AuthorizationError, "Administrator access is required to enable/disable feature flags. User '#{user.username}' is not an administrator."
+            end
+
+            Runtime::API::Client.new(:gitlab, user: user)
+          end
+        end
       end
 
       def set_feature(key, value)