In general ERP5, Person is the the unique user provider where you can login with, however, other project may implement different user types, like, Compute Node, Software Instance, Application Bot or external services.
Since, the different Users can contains different login types (Certificate Login, ERP5 Login, ..), it is only natural to introduce getPortalUserTypeList for handle such use case.
For now, Assignment management is only implemented for Person, so I am not changing the ERP5 Security, since it is not exactly mandatory and more specific use cases should be consider to change ERP5 Security.
Said that, the motifivation for this change is not require fork asSecurityGroupIdSet whenever an implementation introduce more them one type of user capable of login.