  1. Couchbase Server
  2. MB-47831

Backup service doesn't listen on localhost's non-ssl port after enforcing TLS


Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 7.0.2
    • 7.0.1
    • tools
    • Centos 7 64 bit; CB EE 7.0.1-5996

    Description

      Steps to Reproduce
      1. Create a 2 node cluster .215(kv) and .217(backup)
      2. Check that backup service is listening on 8097 as expected

      curl -v -u Administrator:password http://localhost:8097/api/v1/config

      returns 

      "history_rotation_period":30,"history_rotation_size":50}

      as expected
      3. Now, enforce TLS by enabling n2n encryption at level "strict" and make the REST call again on the backup service node at localhost

      Actual:

      * About to connect() to localhost port 8097 (#0)
      *   Trying ::1...
      * Connection refused
      *   Trying 127.0.0.1...
      * Connection refused
      * Failed connect to localhost:8097; Connection refused
      * Closing connection 0
      curl: (7) Failed connect to localhost:8097; Connection refused

      8097 is blocked on all addresses including localhost

      Expected
      8097 (non-ssl port) is blocked on all addresses except localhost

      Not particularly a bug. But filing because:
      1. Per PRD, it seemed like the plan was to block non-ssl ports only on non-localhost addresses
      2. Other components like memcached, clusterManagement, eventing etc. keep localhost's non-ssl port open, and hence wanted to know if backup service was an exception here for some reason

      Misc
      Note: port usage can alternatively be checked using the netstat/ss command (instead of checking with a REST call)

      ss -4anpe | grep "8097" | grep "LISTEN" 

      gives

      tcp    LISTEN     0      128       *:18097                 *:*                   users:(("backup",pid=109636,fd=17)) uid:996 ino:177430285 sk:ffff97f8aa999740 <->
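
An added example, not part of the ticket or of Couchbase's tooling: the `grep "8097"` filter above also matches the TLS port 18097, so this helper parses `ss` output, matches the port exactly, and reports whether it is closed, bound to loopback only, or listening on a non-loopback address. The function name `classify_port_binding` and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the ticket. Reads `ss -anpe`-style output on stdin
# and prints how PORT is bound: closed | loopback-only | non-loopback
classify_port_binding() {
    awk -v port="$1" '
        $2 == "LISTEN" {
            ep = $5                          # Local Address:Port column
            n = match(ep, /:[^:]*$/)         # last colon separates the port
            if (n == 0) next
            p = substr(ep, n + 1)
            addr = substr(ep, 1, n - 1)
            if (p != port) next              # exact match: 18097 is not 8097
            gsub(/\[/, "", addr)             # strip IPv6 brackets
            gsub(/\]/, "", addr)
            if (addr ~ /^127\./ || addr == "::1") loopback = 1
            else other = 1                   # *, 0.0.0.0, :: or an interface address
        }
        END {
            if (other) print "non-loopback"
            else if (loopback) print "loopback-only"
            else print "closed"
        }'
}

# Sample 1: the ss line quoted in the ticket (trailing columns trimmed).
SS_REPORTED='tcp    LISTEN     0      128       *:18097                 *:*                   users:(("backup",pid=109636,fd=17))'
# Sample 2 (constructed): the same node if 8097 were also kept open on loopback.
SS_EXPECTED="$SS_REPORTED
tcp    LISTEN     0      128       127.0.0.1:8097          *:*                   users:((\"backup\",pid=109636,fd=16))"

printf '%s\n' "$SS_REPORTED" | classify_port_binding 8097    # reported state
printf '%s\n' "$SS_EXPECTED" | classify_port_binding 8097    # state the reporter expected
```

On a live node, pipe `ss -anpe` straight into the function instead of the sample variables.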


            People

              sumedh.basarkod Sumedh Basarkod (Inactive)