hey folks! We are evaluating using SpiceDB at our company and I wanted to clarify something -- without the enterprise license you cannot have a way to do any sort of role based access control on the SpiceDB APIs themselves, is this right? From my reading you have to use PSKs, which would mean that any workload can have more then just "check permissions", it could also say change the policy, etc. If this is right then how is the open source version supposed to be hosted? Is the idea that we have to build some kind of service to front SpiceDB to ensure only the "check permission" API is allowed to be called by workloads (or obviously we can also get the enterprise version -- which isn't out of the question, just trying to understand).