Channel: Issues for Drupal core

media_library access neutral + allowed causes a forbidden (MediaLibraryUiBuilder.php)


Problem/Motivation

This is a problem similar to the one described in #2991698: Why does Route access checking differ from Entity access checking?, but with the media_library core module.

In checkAccess() in MediaLibraryUiBuilder.php we call

    // Delegate any further access checking to the opener service nominated by
    // the media library state.
    return $this->openerResolver->get($state)->checkAccess($state, $account)
      ->andIf($can_view_media);

But if $this->openerResolver->get($state)->checkAccess($state, $account) returns AccessResultNeutral, we have Neutral + Allowed, which gives Neutral, so access is forbidden.
See the truth table of the andIf() method (A = allowed, N = neutral, F = forbidden):

    Truth table:
      |A N F
    --+-----
    A |A N F
    N |N N F
    F |F F F

Steps to reproduce

In my case I'm working with the contrib module group (https://www.drupal.org/project/group) and its sub-module gnode.
The gnode.module implements hook_entity_create_access, and this hook returns AccessResultNeutral by default.
So when I try to upload a file through the media UI widget while creating new content, it calls MediaLibraryUiBuilder::checkAccess(); the user is able to view media, so $can_view_media = AccessResultAllowed, but $this->openerResolver->get($state)->checkAccess($state, $account) = AccessResultNeutral (due to the hook_node_create_access in gnode.module). Then AccessResultInterface::andIf() returns an AccessResultNeutral, causing a 403 Forbidden.

Proposed resolution

In MediaLibraryUiBuilder line 209 (in the checkAccess() method) we could replace andIf() with orIf().
So the checkAccess() return would change from

    // Delegate any further access checking to the opener service nominated by
    // the media library state.
    return $this->openerResolver->get($state)->checkAccess($state, $account)
      ->andIf($can_view_media);

to

    // Delegate any further access checking to the opener service nominated by
    // the media library state.
    return $this->openerResolver->get($state)->checkAccess($state, $account)
      ->orIf($can_view_media);

Truth table of the orIf() method (A = allowed, N = neutral, F = forbidden):

    Truth table:
      |A N F
    --+-----
    A |A A F
    N |A N F
    F |F F F
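To make the effect of the two combinators concrete, here is an added Python model of the andIf()/orIf() truth tables above, applied to the checkAccess() combination described in this issue. It is not Drupal's code and not part of this issue; the AccessResult enum, the 200/403 mapping and the sample scenarios are constructed for the example. It renders both tables in the docblock layout and then evaluates the reported case (opener answers Neutral, user may view media) plus two neighbouring cases: an opener that answers Forbidden still wins under either combinator, while under orIf() a Neutral opener no longer blocks a user who holds the view-media permission.

```python
from enum import Enum


class AccessResult(Enum):
    """Minimal model of Drupal's AccessResultAllowed/Neutral/Forbidden
    (constructed for this example; not Drupal's own class)."""
    ALLOWED = "A"
    NEUTRAL = "N"
    FORBIDDEN = "F"

    def and_if(self, other: "AccessResult") -> "AccessResult":
        """Mirror of AccessResultInterface::andIf(): Forbidden wins, then Neutral,
        Allowed only when both sides are Allowed."""
        if AccessResult.FORBIDDEN in (self, other):
            return AccessResult.FORBIDDEN
        if AccessResult.NEUTRAL in (self, other):
            return AccessResult.NEUTRAL
        return AccessResult.ALLOWED

    def or_if(self, other: "AccessResult") -> "AccessResult":
        """Mirror of AccessResultInterface::orIf(): Forbidden still wins, but a
        single Allowed is enough; Neutral only when neither side decides."""
        if AccessResult.FORBIDDEN in (self, other):
            return AccessResult.FORBIDDEN
        if AccessResult.ALLOWED in (self, other):
            return AccessResult.ALLOWED
        return AccessResult.NEUTRAL


ORDER = (AccessResult.ALLOWED, AccessResult.NEUTRAL, AccessResult.FORBIDDEN)


def truth_table(combine) -> str:
    """Render a combinator in the same layout as the AccessResultInterface docblock."""
    rows = ["  |A N F", "--+-----"]
    for left in ORDER:
        cells = " ".join(combine(left, right).value for right in ORDER)
        rows.append(f"{left.value} |{cells}")
    return "\n".join(rows)


def http_status(result: AccessResult) -> int:
    """Route access only passes when the result isAllowed(); Neutral and
    Forbidden both surface as 403 on the media library route (assumed mapping)."""
    return 200 if result is AccessResult.ALLOWED else 403


def media_library_access(opener_result, can_view_media, combine) -> int:
    """The checkAccess() combination from the issue, parameterised on the combinator."""
    return http_status(combine(opener_result, can_view_media))


if __name__ == "__main__":
    print("andIf:\n" + truth_table(AccessResult.and_if))
    print("orIf:\n" + truth_table(AccessResult.or_if))
    for name, combine in (("andIf", AccessResult.and_if), ("orIf", AccessResult.or_if)):
        # Reported case: opener (gnode hook) answers Neutral, user may view media.
        print(name, "opener=N, view=A ->",
              media_library_access(AccessResult.NEUTRAL, AccessResult.ALLOWED, combine))
        # An opener that explicitly forbids wins under either combinator.
        print(name, "opener=F, view=A ->",
              media_library_access(AccessResult.FORBIDDEN, AccessResult.ALLOWED, combine))
        # Without the view permission, a Neutral opener stays 403 even under orIf.
        print(name, "opener=N, view=N ->",
              media_library_access(AccessResult.NEUTRAL, AccessResult.NEUTRAL, combine))
```

Running the script shows the practical difference for reviewers of the proposed change: with andIf() the reported case yields 403, with orIf() it yields 200, and the only opener answer that still blocks a user who can view media is an explicit Forbidden.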

Remaining tasks

User interface changes

Introduced terminology

API changes

Data model changes

Release notes snippet

