do you think a bulk permission check endpoint is something that makes sense for the api, in order to avoid round trips for many lookups? or does grpc handle connections in a way that makes that overhead pretty minimal?