We have a neighborhood flag
private_projects that determines whether neighborhood admins can create a project as private. However, currently after registering a project a project admin can change their 'read' permission to not allow
*anonymous. That makes the project private.
We should only allow that ACL change (removing anonymous read) within neighborhoods that allow private projects and by neighborhood admins (so it matches the restrictions at project creation time). Otherwise show an error message if attempted.