Bug 27117: Only place_holds permission is needed to adjust pickup locations

Bug 27117: Only place_holds permission is needed to adjust pickup locations

The GET /pickup_locations route is requesting the whole reserveforothers
permission whereas only the subpermission place_holds is needed.

Test plan:
0. Don't apply this patch
1. Set the subpermission place_holds but modify_holds_priority
2. Edit a hold and click the pickup library dropdown list
3. You get a JS alert and log displays
  GET /api/v1/app.pl/api/v1/holds/5/pickup_locations
  403 Forbidden
4. Apply this patch
5. Reload the page, click the dropdown list, modify the pickup location
and save
=> Success!

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit 69c01ee0f2dccd04cfbe8201ba580a15727f5280)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>