A naive approach could still leak information through side channels. E.g. if you search regularly for foobar, the answer might suddenly get slower if foobar appears more in the document base.

Depending on the context it could be relevant.

But we're talking about access control, so in this case "filtering for foobar" means "filtering for stuff I'm allowed to see", and the whole point is that you can never turn that filter off to get a point of comparison.

If Joe's search is faster than Sally's because Sally has higher permissions, that's hardly a revelation.

That's nothing specific to LLM-enhanced search features though, right? Any search feature will have that side channel risk