Nick Thomas authored
An approval rule that contains a private group can disclose information about the membership of that group via the list of approvers for that rule, which is constructed from all members of all groups, plus each individual user included in the rule. To avoid this information disclosure, hide all approvers in a rule where even one of the groups is hidden to the viewer. This removes more information than is strictly necessary, but is a simple fix for a hard problem - right now, we don't track which approvers come from which group, so it's difficult to be more precise, and this is something of an edge case anyway.
e8d813ac
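The disclosure and the fix described in the commit message above, as an added example that is not code from this commit or from the project. The `User`, `Group` and `ApprovalRule` classes, their method names, and the rule that a private group is visible only to its own members are all assumptions made for illustration.

```ruby
# Constructed model; all names are hypothetical, not the project's code.
User  = Struct.new(:name)
Group = Struct.new(:name, :is_private, :members) do
  # Assumption: a private group is visible only to its own members.
  def visible_to?(viewer)
    !is_private || members.include?(viewer)
  end
end

class ApprovalRule
  def initialize(users:, groups:)
    @users = users
    @groups = groups
  end

  # Flattened list: all members of all groups plus each individual user.
  # Which group an approver came from is not recorded.
  def approvers
    (@users + @groups.flat_map(&:members)).uniq
  end

  # Before the fix: the flattened list is shown to every viewer, so
  # members of a private group appear in it.
  def approvers_before_fix(_viewer)
    approvers
  end

  # After the fix: if even one group is hidden from the viewer, hide all
  # approvers. This also hides approvers the viewer could otherwise see.
  def approvers_after_fix(viewer)
    return [] if @groups.any? { |g| !g.visible_to?(viewer) }
    approvers
  end
end

def names(users)
  users.map(&:name).sort
end

# Constructed sample data.
alice, bob, carol, dave = %w[alice bob carol dave].map { |n| User.new(n) }
public_group  = Group.new('docs', false, [alice])
private_group = Group.new('security', true, [bob, carol])
rule = ApprovalRule.new(users: [dave], groups: [public_group, private_group])

puts "outsider, before fix: #{names(rule.approvers_before_fix(dave))}"
puts "outsider, after fix:  #{names(rule.approvers_after_fix(dave))}"
puts "member, after fix:    #{names(rule.approvers_after_fix(bob))}"
```

For the outsider the fixed method returns an empty list, which also drops `alice` and `dave`: the over-removal the commit message accepts because approvers are not tracked per group.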