Require `list_id` in SubscriptionsController#find_all()
We discussed previously that we accept only a filter as optional argument to
SubscriptionsController#list_id(). While looking at the authorizer policies I came to the conclusion that we do need the
list_id in order to properly authorize the action: currently that
find_all asks for
Subscription, :list — but in order to check if subscribers may see the list of subscriptions we must know which list the request is about (ask the authorizer for
list, :list_subscriptions), and therefore we need the list_id as argument to the method.