I see discussion of row-level policies on realtime SPAs in The Guide, but does it not make sense to define policies also when server-side rendering? E.g. letting secret_diary_entries only be visible if user_id = ihp_user_id()
and public_profile_pages only be writable where user_id = ihp_user_id()
?