Deactivate api-doc access for all registered users by default
Over many years, all "Registered Users" got per default access to /api-doc. This is probably OK, when one assumes that the registered users are developers. However, providing source code access to all registered users can pose a security thread, especially on large sites.
For new installs, api-doc is now just accessible for site-wide admins. Providing more liberal rights for users can be achieved via setting the permissions via the sitemap.