It should be possible to force the policy of all tasks within a project, and users should not be able to override it.
For instance, new and existing tasks filed under the Security project would always be "Visible To" the members defined by the policy. The only way to make one of these tasks public would be to remove it from the Security project.
This task is a spin-off of the big and ambitious {T390}. Other related features are described at {T4868}.