(REF) Change CoreUtil::checkAccess() to CoreUtil::checkAccessRecord()
This change invovles a few things:
1. Pass the `AbstractAction $apiRequest` instead of the tuple `string $entity, string $action`.
2. There are a couple cases where we don't actually want to re-use the current `$apiRequest`.
Switch these using `checkAccessDelegated()`.
3. Always resolve the userID before calling `checkAccessRecord()`. `$userID===null` can mean
two different things (ie "active user" vs "anonymous user"). By
resolving this once before we do any work with `checkAccess()`, we ensure that it will
consistently mean "anonymous user" (even if there are multiple rounds of delegation).
3. Change the name from `checkAccess()` to `checkAccessRecord`. There are a few flavors of
`...checkAccess...`, and this makes it easier to differentiate when skimming.