The policy `read_prometheus_alerts` already makes sure that the user has
at least maintainer access.

Add some missing specs to cover unprivileged access.