Ref T13244. See PHI1057. Currently, if you're a member of a lot of projects/packages, you can end up with a very large commit.authorPHID IN (...) clause in part of the "Active Audits" query, since your alice token in "Responsible Users: alice" expands into every package and project you can audit on behalf of.
It's impossible for a commit to be authored by anything but a user, and evidence in PHI1057 suggests this giant IN (...) list can prevent MySQL from making effective utilization of the <authorPHID, auditStatus, ...> key on the table.
Prefilter the list of PHIDs to only PHIDs which can possibly author a commit.
(We'll also eventually need to convert the authorPHIDs into identityPHIDs anyway, for T12164, and this moves us slightly toward that.)