Contributed roles not taken into account when using SearchPermissionChecker

Description
When doing a permission-aware search operation, the contributed roles (such as segmentation roles) are not taken into account. This is because we get the roles directly from the UserBag, which does not include the contributed roles. We need to use the PermissionChecker's getRoleIds API to get the roles instead, since that one includes contributed roles.

Steps to Reproduce
1. Navigate to Control Panel > System Settings > Segments > Segments Service.
2. Check the Enable Assign Roles by Segment box and click Update.
3. Restart the bundle.
4. In the Global Site go to People > Segments and create a segment named "Test Segment" with the condition attribute "Signed In" set to "equals true".
5. Navigate to Control Panel > Roles > Regular Roles > Create Role named "Test Role".
6. In the "Test Role" menu, go to Assignees > Segments and assign the "Test Segment" to the "Test Role".
7. In Global Site, go to Categorization > Tags and create a tag named "Test Tag".
8. In Global Site, go to Content & Data > Web Content, and create a Basic Web Content article with the name "Test Article". Add some random content and assign the "Test Tag" to it, then publish it.
9. Go to the permissions of the "Test Article" and edit so that the View permission is only assigned to the "Test Role".
10. In the Global Site create a new dynamic collection named "Test Collection". Under "Source Item Type" select "All Types". Under "Filter Tags" select the "Test Tag".
11. Go to DXP site and create a content page named "Test Page" and place an Asset Publisher on it.
12. Configure the asset publisher to show the "Test Collection".
13. Create a new user "[email protected]", without any additional roles assigned to them.
14. Sign in as "[email protected]" and visit the "Test Page".
Expected Result: The "Test Article" would be visible to the "[email protected]" user.
Actual Result: The "Test Article" is not visible to the "[email protected]" user.