Explain why permission check occurs before existence check

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=240355450

java/google/registry/request/auth/AuthenticatedRegistrarAccessor.java

@@ -220,6 +220,8 @@ public class AuthenticatedRegistrarAccessor {
    * @param clientId ID of the registrar we request
    */
   public Registrar getRegistrar(String clientId) throws RegistrarAccessDeniedException {
+    // Verify access before checking if the registrar exists, in order to not leak information
+    // about objects in the system the user doesn't have permissions on.
     verifyAccess(clientId);
 
     Registrar registrar =