List of entries in _principals and _contexts should require admin
Description
Getting a list of all entries in a context, especially for _principals and _contexts is not a good idea. If a list of users is leveraged it simplifies brute force attacks.
Also, since it is potentially an expensive operation it should probably not be allowed unless you are admin.
Environment
None