5160: All users have API read permission to anonymous group.
Workbench makes public data available to everyone by including the
anonymous user API token as a reader token for every request.
However, model-level validations do not respect reader tokens. As a
consequence, users cannot make their project public by sharing it with
the anonymous group. They can't create the necessary link, because
the validation can't confirm that the creator can see the anonymous
group.
There are a few ways we could've tackled this, but granting all users
permission to see the anonymous group seems like the most reliable,
since it works within our existing permissions infrastructure as much
as possible.