Ref T6817. Fixes T8731. On the old secure host, feed.public was set to true. I didn't bring the option over, which caused the secondary issue in T8731.
Specifically, when feed.public is off, a logged-out user looking at feed can't see any stories, so they query all of feed until they hit the time limit.
To fix this immediately, just use the most open policy, which is basically equivalent but always correct.
To fix this more thoroughly:
- Remove feed.public, which violates policies and has been slated for removal for a while (see T6817).
- Clean up policy handling.