For change logs, and other services, there are places in which includeACL can be specified, but there is no peer for policies. We should make this security information available, especially when retrieving collections of objects.

This is especially helpful for the changelog case. For example, if one has a repository which shares policies across multiple objects, it would be very helpful if the (repo-specific) search crawler can retrieve the associated policies along with the change event object. This will allow for a more efficient crawler, and avoid the one-call-per-object issue.