update: changed default anonymous permissions to none

Closes #78

What

Changes the default anonymous permissions on the user model (/users/ to be empty). Can be overridden with the package setting USER_ANONYMOUS_PERMISSIONS

Why

Because it was suggested that exposing the list of users and their details by default is a security vulnerability