As we have introduced unsigned security token to replace `$tenant`, there are two kinds of security token now.

• signed security token, it indicates a tenant user which is executing the command requests.
• unsigned security token, it indicates a system admin user is executing the command requests on behalf of a tenant user.

The test tag `not_allowed_with_security_token` actually only means the test has commands which are not allowed with signed security token. It is not related with unsigned security token. We need to rename the test tag to make it more explicit.