Adding permissions level

That sentence looked funny and only by editing it did I see the html comment.  I think this change is right based on this doc https://docs.microsoft.com/en-us/azure/devops/organizations/security/permissions-access?view=azure-devops#azure-artifacts

Author: philipwolfe

Diff for: docs/artifacts/nuget/upstream-sources.md

@@ -45,7 +45,7 @@ To learn more about the concept of upstream sources, please see the [concepts pa
 
 ### Adding upstreams to a popular feed
 
-Once you enable the nuget.org upstream source, any <!-- what permissions tier? --> that runs a package request against your feed can save packages from nuget.org into your feed. If you've distributed your feed URL to a large set of consumers, this means that users outside your team could save packages you weren't expecting into your feed.
+Once you enable the nuget.org upstream source, any Contributor or Owner that runs a package request against your feed can save packages from nuget.org into your feed. If you've distributed your feed URL to a large set of consumers, this means that users outside your team could save packages you weren't expecting into your feed.
 
 If you're concerned about this, consider creating a new feed then adding nuget.org and your current feed as upstream sources to that feed.