This commit partially undo the access policy checks for the
GraphQL endpoints, until we find a better story to correlate
the `user_id` we sometimes receive with the info from the
`AuthenticatedUser`.