Currently non-admin users can create extra-routes when the nexthop is on
router-interfaces subnets but not on external-network subnet. Indeed
user permissions are used to get router ports in order to validate
nexthops BUT non-admin users don't "see" router port on its external
network.
This change uses an elevated context instead of user context to enable
non-admins to create "external" extra-routes.
APIImpact
Closes-Bug: #1538767
Change-Id: I08b1d8586a4cd241a3589e8cb7151b77ab679124
3d5d378769