Auth: add IsServiceAccount to IsRealUser (#58015)

* add: IsServiceAccount to SignedInUser and IsRealUser

* fix: linting error

* refactor: add function IsServiceAccountUser()

By adding the function IsServiceAccountUser() we use it to identify for
ServiceAccounts in the HasUniqueID() since caching is built up on having
a uniqueID, see comment: https://github.com/grafana/grafana/pull/58015#discussion_r1011361880

pkg/services/user/model.go

@@ -203,6 +203,7 @@ type SignedInUser struct {
 	Name               string
 	Email              string
 	ApiKeyID           int64 `xorm:"api_key_id"`
+	IsServiceAccount   bool  `xorm:"is_service_account"`
 	OrgCount           int
 	IsGrafanaAdmin     bool
 	IsAnonymous        bool
@@ -276,16 +277,26 @@ func (u *SignedInUser) HasRole(role roletype.RoleType) bool {
 	return u.OrgRole.Includes(role)
 }
 
+// IsRealUser returns true if the user is a real user and not a service account
 func (u *SignedInUser) IsRealUser() bool {
-	return u.UserID > 0
+	// backwards compatibility
+	// checking if userId the user is a real user
+	// previously we used to check if the UserId was 0 or -1
+	// and not a service account
+	return u.UserID > 0 && !u.IsServiceAccountUser()
 }
 
 func (u *SignedInUser) IsApiKeyUser() bool {
 	return u.ApiKeyID > 0
 }
 
+// IsServiceAccountUser returns true if the user is a service account
+func (u *SignedInUser) IsServiceAccountUser() bool {
+	return u.IsServiceAccount
+}
+
 func (u *SignedInUser) HasUniqueId() bool {
-	return u.IsRealUser() || u.IsApiKeyUser()
+	return u.IsRealUser() || u.IsApiKeyUser() || u.IsServiceAccountUser()
 }
 
 func (u *SignedInUser) GetCacheKey() (string, error) {