Yeah, I ran into this issue myself and would really like to find some better way to solve this problem…
Is there no way to filter for that user relation - without having to, for example, first query via entityService.findOne() or something similar (thus already doing a DB request) - instead of just using it with filters…
Giving every authenticated user the permission to use find/findOne on the U&P user type seems like the wrong move - so maybe you’d have to create custom find/findOne controllers for the U&P plugin which then also check if … you are you…? (i.e. you’re only allowed to access yourself)