Checking permissions of users that aren't the caller on the current request
can have implications on the security of the system. The most prominent
one is creating a group-oracle.
To limit the cases where we could potentially expose Gerrit to these
threats, PermissionBackend removes the method that was operating solely
on the provider of the current user.
Change-Id: I601ea1200a15a5f262ca0770b23cc1c7bee126b1
4bdef6c030