Description
while investigating a potential issue with principal-lookup thomasm made me aware of the index-option (see https://jackrabbit.apache.org/oak/docs/query/query-engine.html#Query_Option_Index_Tag) that allows to enforce the usage of a dedicated index when executing a query.
i would like to review all security relevant queries and add the index option for those that are known to be relevant for consistency and/or security.
cc: kpauls, fyi as this relates to the recent discussion regarding system-user-validation upon service-user-mapping in Sling.