Problem/Motivation
The path /filter/tips is accessible to all the users, including anonymous users even if they do not have access to any input field. Though the path is excluded in ROBOTS.txt and is harmless, it doesn't appear to be serving any purpose to anyone who is not entitled to use a filter while it gets flagged in security reports for having inappropriate permissions.
Proposed resolution
In filter.routing.yml change _access for "Compose tips" to something that checks if the user has access to at least one of the filters.
Remaining tasks
Postponed on #3505370: Remove 'filter tips' and deprecate the API
Decide if Filter should installed on Umami and Standard and, if so, which roles get the new permission.
Review MR 3565