Global config for Access Control the Local API

[paulpopus]

Following the discussion on Discord, it seems that some people may find it useful to have the default for overrideAccess configurable in the global config of Payload instead of manually doing it per use.

Source in documentation: https://payloadcms.com/docs/local-api/overview

I'd like to open a PR for this if it makes sense, it seems simple enough for my first PR to get accustomed with the core logic of Payload.

I'd make a new config item for the Local API:

export type LocalApiConfig = {
  /** Configures the default access control for the local API. Defaults to 'true'  */
  overrideAccess?: boolean;
};

And then in the find- functions I'd add a check for the global config with a default to true.

[xHomu]

Going through the docs, it wasn't obvious that the default Local API behavior ignores access controls altogether.

It's very easy to accidentally forget the prop, and thus exposing data that we didn't intent to. I understand that it might be too late to change overrideAccess to false by default, so global config for Local API would be much appreciated!

[xndyz]

This would be great QOL improvement