Anonymous user can't see public group members in GraphQL API

In !48372 (comment 453452105), I noticed an inconsistency in our GraphQL API for anonymous users:

1. You can see members of public projects.
2. You can't see members of public groups.

!48372 (comment 457047504) goes into much more detail, but the problem is that while GroupMemberPolicy delegates to its group (for permissions like read_group, which we use here), there's a prevent_all for anonymous users: https://gitlab.com/gitlab-org/gitlab/-/blob/4e09a04dfb24768cd638704c22e3f1b7511d24db/app/policies/group_member_policy.rb#L13

In !47455 (merged) @alexkalderimis fixed a similar thing for group owners. We probably want to do the same here, but as we're looking at anonymous users there may be additional things we need to prevent explicitly. This line of code has been around for a while, too 🙂