The only way you can do that is if the account that is used to run the code (using Microsoft.Web.Administration) has the right permissions to do "runtime operations" in IIS, and by default that only includes Administrators and SYSTEM, and as you correctly point out in general exposing that level of permission from the Web is a bad idea.
What you probably should do instead is create an Application Pool or some other way to run with high-privileges but that is secured to be only accessible locally (for example using IP and Domain restrictions) and that uses an additional level of authorization checks (for example only allow to be called from the Application) and that is constrained to run the minimum code as possible and the minimum surface required, for example only recycle the pool that belongs to the user, etc. That way if your web application is compromised the damage would be much more constrained.
Now, for the curious… The following is "unsupported" so please don’t use but just providing it for informational purposes.
The API that we use in ServerManager to read configuration is known as AHADMIN and you can “hack enough to read configuration”, for example if you ACL things like:
Cd C:\Windows\System32\inetsrv\config
icacls . /grant yourUser:(R)
icacls redirection.config /grant yourUser:(R)
icacls applicationHost.config /grant yourUser:(R)
You will be able to read configuration from that point on with that user. Know that at this point encrypted properties will still fail to read since the encryption keys are also protected separately and you probably should never change the ACLs there, but everything else will be readable (except runtime properties like State, etc). You should NEVER allow write access to non-privileged accounts since that would very easily allow for elevation of privileges (for example they could create an Application Pool that runs as SYSTEM and link it to random directory where now they can run code as SYSTEM).
Now, going back to runtime state, for that we use an API we refer to as RSCA (Runtime status and control API) and that in itself is also protected to be only run as SYSTEM or administrators, and although you might find a way to hack that, it is a bad idea to change that as well. but long story short this is not supported and you might easily cause issues to the system.