ContactInGroup: bypass permission check

Production use of the new condition “Contact is in Group“ has shown that it requires wider permissions than “Contact has Tag”, namely, read access to all contacts. In a project where this condition is used in a Form Processor that is accessed from an external website using the API, this required giving more rights to the corresponding API user than the previous condition “Contact has Tags” did.

This is caused by the fact that I use an API4 call to evaluate the condition while “has tag” uses functions provided by BAO objects. The reason is that I found no efficient way of evaluating this condition in that framework. I am not an expert in deciding whether bypassing a permission check is justified. But the query I use guerantees that only a single contact is inspected, and no contact properties are returned. Of course, information about group membership is indirectly returned (via the condition’s success or failure).

In the end, my best argument for this change is that “Contact has Tag” does not require this permission either.