We currently have an $ignore_admin flag on OgAccess::userAccess() which has been ported over from Drupal 7 but is currently not used anywhere. Also in D7 this was barely used, in the 8 years after it was added it was never mentioned in any issue except the original one.

The motivation for adding this originally was as follows (ref. issue #1524480):

Currently, if a user is given administer group they are authorized for every group permission. I feel this is a limitation for anyone who adds permissions with hook_og_permission and wants to check for that permission specifically. There is no way to use hook_og_user_access_alter to do this.

This use case is now covered in D8 since if you want to check if a particular user has a particular permission in a particular group you can retrieve it like this:

$membership_manager = \Drupal::service('og.membership_manager');
$has_permission = $membership_manager->getMembership($group, $user_id)->hasPermission('the permission to check');

This use case is now covered in D8 since if you want to check if a particular user has a particular permission in a particular group you can retrieve it like this:

Shouldn't we update the dochead to reflect this?

   * Determines whether a user has a given privilege.
   *
   * All permission checks in OG should go through this function. This way we
   * guarantee consistent behavior, and ensure that the superuser and group
   * administrators can perform all actions.

I think this is still correct, except maybe that it should say "All access checks" instead of "All permission checks". Access includes more things than just checking if a permission is set.