update: changed default anonymous permissions to none

Calum Mackervoyrequested to merge
default-anon-user-perms into master

Closes #78

What

Changes the default anonymous permissions on the user model (/users/ to be empty). Can be overridden with the package setting USER_ANONYMOUS_PERMISSIONS

Why

Because it was suggested that exposing the list of users and their details by default is a security vulnerability

Edited by Calum Mackervoy

Merge request reports