Moving private messages into vision with updateMessage method
Severity: High
Team: Rocket.Chat
Team Summary
Official summary from Rocket.Chat
A vulnerability has been discovered in the updateMessage Meteor Method, allowing adversaries to edit messages without proper authorization. This occurs due to insufficient permission checks for the "rid" parameter. Attackers can exploit this issue to leak private messages with known message IDs.
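As an added illustration of the authorization point in the summary (not Rocket.Chat's own code), the shape of a method that trusts a caller-supplied room id, beside a check that derives the room from the stored message; the room and message shapes, permission names and data are constructed assumptions:

```javascript
// Added example, not Rocket.Chat's code. Room/message shapes, permission
// names and all data are constructed for illustration.
const rooms = {
  general: { members: new Set(['alice', 'bob']) },
  dm_carol_dave: { members: new Set(['carol', 'dave']) },
};
const messages = {
  m1: { _id: 'm1', rid: 'dm_carol_dave', uid: 'carol', msg: 'private note' },
};
// Users allowed to edit messages they did not write (hypothetical role).
const editOthersPermission = new Set(['admin']);

function canAccessRoom(userId, rid) {
  const room = rooms[rid];
  return Boolean(room && room.members.has(userId));
}

// Weak shape: the room used for the access check is the one the caller
// names. A caller who belongs to some room can pair that rid with a message
// id from a room they cannot read, and the check passes for the wrong room.
function updateMessageUnsafe(userId, { _id, rid, msg }) {
  if (!canAccessRoom(userId, rid)) throw new Error('error-not-allowed');
  const stored = messages[_id];
  if (!stored) throw new Error('error-message-not-found');
  return { ...stored, msg }; // stored.rid may differ from the rid checked above
}

// Hardened shape: load the message first, take the room from the stored
// record, reject any rid that disagrees with it, then require that the
// caller can access that room and is the author or holds the edit role.
function updateMessageSafe(userId, { _id, rid, msg }) {
  const stored = messages[_id];
  if (!stored) throw new Error('error-message-not-found');
  if (rid !== undefined && rid !== stored.rid) throw new Error('error-invalid-room');
  if (!canAccessRoom(userId, stored.rid)) throw new Error('error-not-allowed');
  if (stored.uid !== userId && !editOthersPermission.has(userId)) {
    throw new Error('error-action-not-allowed');
  }
  return { ...stored, msg };
}
```

The test below pairs a room the caller belongs to with a message id from another room: the weak check returns the stored message, the hardened one refuses.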
Reported by: gronke
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Information Disclosure