Before installing a new plugin (via Marketplace or direct upload), we should ask the Super User to enter their password again. Since a plugin can easily lead to RCE, it is important to ensure that a logged-in browser cannot be used to install custom plugins.
Similar to #2932
The feature to ask for the password first will also be needed in two-factor authentication (https://github.com/matomo-org/matomo/issues/13325) and a couple of other features. So it would be good to build a general popover for this, or a screen, or ... if possible.
FYI: Developed this as part of https://github.com/matomo-org/matomo/issues/13325. It'll be pretty much as easy as doing this in the controller:
$this->passwordVerify->requirePasswordVerifiedRecently(array('module' => 'TwoFactorAuth', 'action' => 'disableTwoFactorAuth', 'nonce' => $nonce));
It is not in a popup though. To be seen if it can be reused there or not.
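
A minimal sketch of the "password verified recently" gate discussed in this thread, added here as an illustration and not taken from Matomo's code. The class, method and session-key names, the 300-second window and the demo values are all assumptions.

```php
<?php
// Hypothetical helper, not Matomo's PasswordVerify API.
final class RecentPasswordGate
{
    private const MAX_AGE = 300; // assumed re-verification window, in seconds
    private $session;
    private $passwordHash;

    public function __construct(array &$session, string $passwordHash)
    {
        $this->session = &$session; // keep a reference so the state persists in the session
        $this->passwordHash = $passwordHash;
    }

    // Called by the password form handler; a failed attempt clears any earlier verification.
    public function verify(string $password, int $now): bool
    {
        if (!password_verify($password, $this->passwordHash)) {
            unset($this->session['pw_verified_at']);
            return false;
        }
        $this->session['pw_verified_at'] = $now;
        return true;
    }

    // True only if the password was entered within the window; being logged in is not enough.
    public function verifiedRecently(int $now): bool
    {
        $at = $this->session['pw_verified_at'] ?? null;
        return is_int($at) && $at <= $now && ($now - $at) <= self::MAX_AGE;
    }
}

// Sensitive action: refuses to run unless the gate is satisfied.
function installPlugin(RecentPasswordGate $gate, string $plugin, int $now): string
{
    if (!$gate->verifiedRecently($now)) {
        return 'password-required'; // a controller would show the password form here
    }
    return "installed:$plugin";
}

// Constructed demo: a logged-in session that has not re-entered the password.
$session = [];
$gate = new RecentPasswordGate($session, password_hash('correct horse', PASSWORD_DEFAULT));
$t = 1700000000;
var_dump(installPlugin($gate, 'ExamplePlugin', $t));       // blocked before verification
var_dump($gate->verify('wrong guess', $t));                // wrong password is rejected
var_dump($gate->verify('correct horse', $t));              // correct password is accepted
var_dump(installPlugin($gate, 'ExamplePlugin', $t + 60));  // inside the window
var_dump(installPlugin($gate, 'ExamplePlugin', $t + 301)); // window expired, blocked again
```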