# Federated share permissions can be increased by recipient
Severity: Medium
## Vulnerability Details
1. userA on serverX does a federated share to userB on serverY (this by default is read only)
2. userB accepts the share
3. userB sends a request to `https://SERVERY/apps/federatedfilesharing/notifications` with the following content, replacing SHARE_TOKEN and SHARE_ID with the values found in their own database:
```json
{
  "notificationType": "RESHARE_CHANGE_PERMISSION",
  "resourceType": "file",
  "providerId": "SHARE_ID",
  "notification": {
    "sharedSecret": "SHARE_TOKEN",
    "permission": ["read", "write", "share"]
  }
}
```
4. userB now has full access
## Impact
A recipient can trivially increase their own permissions on a share, so a read-only federated share gives no protection against modification or resharing by the recipient.
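The defensive check that this report calls for, as an added example that is not part of the report or of Nextcloud's code: a server receiving a `RESHARE_CHANGE_PERMISSION` notification should verify the shared secret in constant time and then refuse any permission set that is not a subset of what the share owner originally granted, so a recipient can only narrow permissions, never widen them. The share record and token below are constructed sample data, and the in-memory `SHARES` lookup stands in for the server's share table.

```python
import hmac
import json

# Constructed stand-in for the server's share table, keyed by providerId.
# The share from the report was created read-only by the owner.
SHARES = {
    "42": {"token": "constructed-share-token", "permissions": {"read"}},
}

VALID_PERMISSIONS = {"read", "write", "share"}


def validate_reshare_change(notification_json, shares=SHARES):
    """Return (accepted, reason) for a RESHARE_CHANGE_PERMISSION notification.

    Accepted only when the token matches and the requested permissions are a
    subset of the permissions the owner granted; the caller applies the change.
    """
    try:
        msg = json.loads(notification_json)
    except json.JSONDecodeError:
        return False, "malformed JSON"
    if msg.get("notificationType") != "RESHARE_CHANGE_PERMISSION":
        return False, "unexpected notificationType"
    share = shares.get(str(msg.get("providerId")))
    if share is None:
        return False, "unknown share"
    payload = msg.get("notification")
    if not isinstance(payload, dict):
        return False, "missing notification body"
    # Constant-time comparison so the token check does not leak timing.
    if not hmac.compare_digest(str(payload.get("sharedSecret", "")), share["token"]):
        return False, "bad sharedSecret"
    requested = payload.get("permission")
    if not isinstance(requested, list) or not all(isinstance(p, str) for p in requested):
        return False, "invalid permission list"
    requested = set(requested)
    if not requested <= VALID_PERMISSIONS:
        return False, "unknown permission name"
    # Core check: the recipient may only drop permissions, never add them.
    if not requested <= share["permissions"]:
        escalated = sorted(requested - share["permissions"])
        return False, f"permission escalation attempted: {escalated}"
    return True, "permissions updated"
```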
## Report Stats
- Report ID: 1990443
- State: Closed
- Substate: resolved
- Upvotes: 27