How to use the Role Access properly?

As Ben implied, server-side filters are only supported for service access, not system component access, at this time. Filtering on system components was implemented in the UI but not in the backend. As mentioned in the docs, filtering was implemented originally to provide DB service control. It’s not intended to restrict system components.

If you’re concerned about someone POSTing "is_sys_admin":true I recommend writing a script on system.user.post.pre_process that strips all values from the POSTed body except for "email".
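The pre-process script suggested above, written as an allowlist so that any field other than "email" is dropped, including privileged fields added in future versions. This is an added example, not part of the original post or the platform's own code; it assumes the POSTed body is exposed to the script as `event.request.payload`, either as a single record or wrapped as `{ "resource": [ ... ] }`, and the function names are hypothetical.

```javascript
// Added example for a script attached to system.user.post.pre_process.
// Assumption: the platform exposes the request body as event.request.payload.
const ALLOWED_FIELDS = ['email']; // everything not listed here is discarded

// Return a new record holding only allowlisted string fields.
function pickAllowed(record) {
  const clean = {};
  if (record === null || typeof record !== 'object' || Array.isArray(record)) {
    return clean; // malformed record: fail closed with an empty object
  }
  for (const field of ALLOWED_FIELDS) {
    const own = Object.prototype.hasOwnProperty.call(record, field);
    if (own && typeof record[field] === 'string') {
      clean[field] = record[field];
    }
  }
  return clean;
}

// Handle a bare record, a bare array, or the { resource: [...] } wrapper.
function stripToEmail(payload) {
  if (payload === null || typeof payload !== 'object') return {};
  if (Array.isArray(payload)) return payload.map(pickAllowed);
  if (Array.isArray(payload.resource)) {
    return { resource: payload.resource.map(pickAllowed) };
  }
  return pickAllowed(payload);
}

// Constructed sample bodies, including the privilege-escalation attempt.
const SAMPLE_SINGLE = { email: 'new.user@example.com', is_sys_admin: true, is_active: true };
const SAMPLE_BATCH = {
  resource: [
    { email: 'a@example.com', is_sys_admin: true },
    { is_sys_admin: true, role_id: 1 },
  ],
};

// Inside the event script the filtered body replaces the original one.
if (typeof event !== 'undefined' && event && event.request) {
  event.request.payload = stripToEmail(event.request.payload);
}
```

A record with no usable "email" comes out empty, so the create call fails on the platform's own validation rather than passing attacker-chosen fields through.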