Alice Kober-Sotzek 656384bbef Allow admins to see all groups (including external ones) of a user
Previously, admins were only allowed to see the internal groups a user
belongs to. System groups as well as those from other GroupBackends were
excluded from the result. This impeded investigations in case of ACL
issues.

Allowing admins to see all groups shouldn't create a new security issue.
Even previously, admins had ways to track down any external groups which
were mentioned in Gerrit ACLs. If implemented correctly, external
GroupBackends should only provide groups which are mentioned in the
Gerrit ACLs of the corresponding project. In that case, listing all
groups for another user as admin shouldn't disclose any new information
to admins.

This change doesn't only allow admins to see all groups of a user but
also allows them to see all users who belong to an internal group even
when users are listed as members on subgroups. There is no apparent
reason to allow one direction without the other and that's why we don't
restrict it.

Change-Id: Ia71c59af6035ea23bad5a3156d1522f7dac6424b
2018-03-15 12:18:49 +01:00