[Security] Don't return all servers on the system when not a root admin and admin level servers are requested

Cleaned up the API endpoint by simplifying the logic and adds test case to cover this bug.

If you ever need to list _all_ of the servers on the system you should be using the application API endpoint for the servers most likely.

app/Http/Requests/Api/Client/GetServersRequest.php

@@ -2,8 +2,6 @@
 
 namespace Pterodactyl\Http\Requests\Api\Client;
 
-use Pterodactyl\Models\User;
-
 class GetServersRequest extends ClientApiRequest
 {
     /**
@@ -13,28 +11,4 @@ class GetServersRequest extends ClientApiRequest
     {
         return true;
     }
-
-    /**
-     * Return the filtering method for servers when the client base endpoint is requested.
-     *
-     * @return int
-     */
-    public function getFilterLevel(): int
-    {
-        switch ($this->input('type')) {
-            case 'all':
-                return User::FILTER_LEVEL_ALL;
-                break;
-            case 'admin':
-                return User::FILTER_LEVEL_ADMIN;
-                break;
-            case 'owner':
-                return User::FILTER_LEVEL_OWNER;
-                break;
-            case 'subuser-of':
-            default:
-                return User::FILTER_LEVEL_SUBUSER;
-                break;
-        }
-    }
 }