Which admin/site-admin user to be used for user impersonation implementation within my app

Through my app I have one use case that a basic user should be able to add a user to group or remove user from group. So I want to make API request on behalf of that basic user but would like to use a site-admin user for this operation.

So could you please clarify me about which admin/site-admin user to be used for user impersonation implementation within my app.

Do I need to create a site-admin user explicitly for this use case and use his accountId for user impersonation ?
(Or)
Do I need to ask the jira administrator to create a site-admin user and configure his accountId somewhere in my app ?
(Or)
Do I need to consider the user who is installing my app as site-admin and use his accountId for user impersonation ?

Also let me know with a sample on how to call native Jira Cloud GET, POST and DELETE Rest APIs using user impersonation.

Thanks in advance !