Is there a technical reason to forbid this action: "cluster:admin/snapshot/restore"?

In the PrivilegesEvaluator.java file is there a technical reason that the snapshot call is being explicitly forbidden?

https://github.com/floragunncom/search-guard/blob/9abd8607bf3db05e4e4be209077672fb6e7b9313/src/main/java/com/floragunn/searchguard/configuration/PrivilegesEvaluator.java#L158

```java
public boolean evaluate(final User user, final String action, final ActionRequest request) {

    if(action.startsWith("cluster:admin/snapshot/restore")) {
        auditLog.logMissingPrivileges(action, request);
        log.warn(action + " is not allowed for a regular user");
        return false;
    }

    final TransportAddress caller = Objects.requireNonNull((TransportAddress) request.getFromContext(ConfigConstants.SG_REMOTE_ADDRESS));

    if (log.isDebugEnabled()) {
        log.debug("evaluate permissions for {}", user);
        log.debug("requested {} from {}", action, caller);
    }
    // (method continues in the linked source)
```

Yes, it would open a huge security hole.

Search Guard stores its settings, including users, roles and permissions, in a specially secured Search Guard index. The upside is that you can hot-reload all settings, and do not have to deal with configuration files on the nodes, and also do not have to restart nodes when you make changes.

The downside is that this index is also included in snapshots. An attacker can get hold of the snapshot, modify the data in the SG index, and restore from the now tampered snapshot, gaining additional privileges.

The correct way to implement this is to allow a restore (or any modification of the Search Guard index, for that matter) only if the user provides an admin certificate. This is already implemented at the transport level via SearchGuardAdmin (or the sgadmin.sh wrapper script), but at the moment not at the REST level.


On Wednesday, 17 August 2016 20:44:49 UTC+2, Sam Mingolelli wrote:

In the PrivilegesEvaluator.java file is there a technical reason that the snapshot call is being explicitly forbidden?

https://github.com/floragunncom/search-guard/blob/9abd8607bf3db05e4e4be209077672fb6e7b9313/src/main/java/com/floragunn/searchguard/configuration/PrivilegesEvaluator.java#L158

```java
public boolean evaluate(final User user, final String action, final ActionRequest request) {

    if(action.startsWith("cluster:admin/snapshot/restore")) {
        auditLog.logMissingPrivileges(action, request);
        log.warn(action + " is not allowed for a regular user");
        return false;
    }

    final TransportAddress caller = Objects.requireNonNull((TransportAddress) request.getFromContext(ConfigConstants.SG_REMOTE_ADDRESS));

    if (log.isDebugEnabled()) {
        log.debug("evaluate permissions for {}", user);
        log.debug("requested {} from {}", action, caller);
    }
    // (method continues in the linked source)
```
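The attack the answer above describes, and the admin-certificate gate it proposes, as an added model in Python (this is not Search Guard's code and not Elasticsearch's API). It assumes a config index named `searchguard` whose `rolesmapping` document decides who holds which role, a hypothetical `admin_cert` flag standing in for "the caller authenticated with an admin certificate", and glob-style index patterns for the restore request; the roles, users and documents are constructed. `evaluate_unrestricted` only checks the user's cluster permission; `evaluate_hardened` additionally refuses any restore whose index patterns can match the security index unless the admin certificate is present, which is the REST-level behaviour the answer says is missing. The commit the question links to is stricter still and rejects every restore for a regular user.

```python
from copy import deepcopy
from dataclasses import dataclass
from fnmatch import fnmatchcase

SG_INDEX = "searchguard"                       # assumed name of the config index
RESTORE_ACTION = "cluster:admin/snapshot/restore"

# Constructed role definitions: which roles carry the restore permission.
ROLE_PERMISSIONS = {
    "admin": {"cluster:admin/*", "indices:*"},
    "backup_operator": {"cluster:admin/snapshot/*"},
}


def role_grants(roles, action):
    """True if any of the user's roles carries a permission pattern matching `action`."""
    return any(fnmatchcase(action, perm)
               for r in roles for perm in ROLE_PERMISSIONS.get(r, ()))


@dataclass
class RestoreRequest:
    user: str
    patterns: tuple = ("*",)   # index patterns to restore; "*" means everything
    admin_cert: bool = False   # assumed: caller authenticated with an admin certificate


def touches_sg_index(patterns):
    """A restore rewrites the security index if any requested pattern can match it."""
    return any(fnmatchcase(SG_INDEX, p) for p in patterns)


def evaluate_unrestricted(roles, action, req):
    """Evaluator that only asks whether the user's roles grant the action."""
    return role_grants(roles, action)


def evaluate_hardened(roles, action, req):
    """Evaluator that also refuses to let a regular user rewrite the security index."""
    if (action.startswith(RESTORE_ACTION)
            and touches_sg_index(req.patterns)
            and not req.admin_cert):
        return False
    return role_grants(roles, action)


class Cluster:
    def __init__(self, evaluator):
        self.evaluator = evaluator
        # Constructed cluster state: one data index plus the security index.
        self.indices = {
            "logs-2016.08": [{"msg": "hello"}],
            SG_INDEX: {"rolesmapping": {"alice": ["admin"], "bob": ["backup_operator"]}},
        }

    def roles_of(self, user):
        return set(self.indices[SG_INDEX]["rolesmapping"].get(user, []))

    def snapshot(self):
        # Every index, the security index included, lands in the repository.
        return deepcopy(self.indices)

    def restore(self, snap, req):
        """Apply the privilege check, then overwrite the indices the patterns match."""
        if not self.evaluator(self.roles_of(req.user), RESTORE_ACTION, req):
            return False
        for name, docs in snap.items():
            if any(fnmatchcase(name, p) for p in req.patterns):
                self.indices[name] = deepcopy(docs)
        return True


def tampered_restore(evaluator, attacker="bob"):
    """Run the attack from the answer and return the attacker's roles afterwards.

    The attacker can read the repository, edits the security index inside the
    snapshot to grant themselves "admin", and restores everything ("*").
    """
    cluster = Cluster(evaluator)
    snap = cluster.snapshot()
    snap[SG_INDEX]["rolesmapping"][attacker].append("admin")   # the tampering
    cluster.restore(snap, RestoreRequest(attacker))
    return cluster.roles_of(attacker)


def restore_allowed(evaluator, req):
    """Would the evaluator let this restore through on an untampered cluster?"""
    cluster = Cluster(evaluator)
    return cluster.restore(cluster.snapshot(), req)


if __name__ == "__main__":
    print("unrestricted:", sorted(tampered_restore(evaluate_unrestricted)))
    print("hardened:    ", sorted(tampered_restore(evaluate_hardened)))
```

With the unrestricted evaluator bob ends up holding `admin`; with the hardened one his roles are unchanged, while a restore of `logs-*` by the same user still succeeds and a restore of `*` succeeds once the admin certificate is presented. The check is on the request's patterns, not on the literal index name, because `*` or `search*` would silently rewrite the security index too.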