Move logic to check 'Modify Account' for secondary emails into InternalAccountDirectory

Secondary emails of other users must only be visible to users with the
'Modify Account' capability (see change Icf3108d45f).

Secondary emails in AccountInfo are populated by
InternalAccountDirectory.fillAccountInfo if the SECONDARY_EMAILS fill
option is requested. At the moment each caller of
InternalAccountDirectory.fillAccountInfo must check for the 'Modify
Account' capability if the SECONDARY_EMAILS fill option is going to be
requested. This is error-prone and callers by easily forget to do this
permission check (e.g. change Ic8f169769 fixes a caller that was
initially overlooked). To make this safer
InternalAccountDirectory.fillAccountInfo is now checking for the 'Modify
Account' capability and the SECONDARY_EMAILS fill option is omitted if
this capability is not granted.

Change-Id: I249c27e1a76cff0ca0e685eaca26941cd0b6b31b
Signed-off-by: Edwin Kempin <ekempin@google.com>

java/com/google/gerrit/server/restapi/change/ListChangeDrafts.java

@@ -21,6 +21,7 @@ import com.google.gerrit.reviewdb.client.Comment;
 import com.google.gerrit.reviewdb.server.ReviewDb;
 import com.google.gerrit.server.CommentsUtil;
 import com.google.gerrit.server.change.ChangeResource;
+import com.google.gerrit.server.permissions.PermissionBackendException;
 import com.google.gerrit.server.query.change.ChangeData;
 import com.google.gwtorm.server.OrmException;
 import com.google.inject.Inject;
@@ -50,7 +51,7 @@ public class ListChangeDrafts implements RestReadView<ChangeResource> {
 
   @Override
   public Map<String, List<CommentInfo>> apply(ChangeResource rsrc)
-      throws AuthException, OrmException {
+      throws AuthException, OrmException, PermissionBackendException {
     if (!rsrc.getUser().isIdentifiedUser()) {
       throw new AuthException("Authentication required");
     }