Subgroups API does not show visible subgroups to authenticated non-members

Summary

API call to list subgroups does not show subgroups if the API call is authenticated, but the authenticated user is not a member of those subgroups.

Steps to reproduce

Open https://gitlab.com/api/v4/groups/gitlab-org/subgroups while not being logged in, observe non-empty response. Open the same URL while being logged in as a non-member of the gitlab organization, observe [] as a response.

What is the expected correct behavior?

The documentation clearly states:

Get a list of visible direct subgroups in this group.

Output of checks

This bug happens on GitLab.com
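
A regression check for the reproduction steps above, as an added example that is not part of the original issue or GitLab's own code: it lists a group's subgroups anonymously and with a token, then reports every subgroup the anonymous caller sees that the authenticated caller does not. The function names are hypothetical, `fake_fetch` and its data are constructed to mimic the reported behaviour so the check runs offline, and the token is a placeholder.

```python
import json
import urllib.parse
import urllib.request

API = "https://gitlab.com/api/v4/groups/{group}/subgroups?per_page=100&page={page}"

def http_fetch(group, page, token=None):
    """Fetch one page of subgroups; token=None sends an anonymous request."""
    url = API.format(group=urllib.parse.quote(group, safe=""), page=page)
    req = urllib.request.Request(url)
    if token:
        req.add_header("PRIVATE-TOKEN", token)  # GitLab personal access token header
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def list_subgroups(group, token=None, fetch=http_fetch):
    """Walk every result page and return {full_path: visibility}."""
    found, page = {}, 1
    while True:
        batch = fetch(group, page, token)
        if not batch:  # an empty page marks the end of the listing
            return found
        for entry in batch:
            found[entry["full_path"]] = entry.get("visibility")
        page += 1

def hidden_from_authenticated(group, token, fetch=http_fetch):
    """Subgroups visible anonymously but absent from the authenticated listing.

    Anything an anonymous caller may see should also be visible to a
    logged-in caller, so a non-empty result reproduces the issue.
    """
    anon = list_subgroups(group, None, fetch)
    authed = list_subgroups(group, token, fetch)
    return sorted(set(anon) - set(authed))

def fake_fetch(group, page, token=None):
    """Constructed stand-in for the API: authenticated callers get []."""
    if token is not None or page > 1:
        return []
    return [{"full_path": group + "/sub-a", "visibility": "public"},
            {"full_path": group + "/sub-b", "visibility": "public"}]

if __name__ == "__main__":
    # Swap fake_fetch for http_fetch and supply a real token to test an instance.
    print(hidden_from_authenticated("example-group", "placeholder-token", fake_fetch))
```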