Improper Access Control Allows Trip Hijacking and Passenger/Driver PII Disclosure
Severity: Medium
Program: Bykea
Team Summary
Official summary from Bykea
@grassye discovered a critical authorization flaw in Bykea's ride booking API. The `/acknowledged_the_offer` and `/accept` endpoints failed to properly validate user ownership of a trip_id, allowing an attacker to substitute a victim's ID into the requests. This vulnerability enabled an attacker to either force an unsuspecting passenger into a ride, exposing their PII to the driver, or compel a driver to accept a trip even after they had cancelled or gone offline.
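The flaw described above is a missing ownership check: the server trusts the trip_id in the request instead of binding it to the authenticated caller. The following is an added example, not Bykea's code, that models the two endpoints in memory with the broken check beside a hardened one. The endpoint names come from the summary; the Trip fields, the state machine (offered -> acknowledged -> accepted), the role names and all sample data are assumptions made for illustration.

```python
# Added example, not Bykea's code. In-memory model of the ride-offer flow with
# the ownership check the report says was missing, beside a hardened version.
# Endpoint names are from the report; Trip fields, the state machine
# (offered -> acknowledged -> accepted), roles and sample data are assumptions.
from dataclasses import dataclass
from typing import Dict, Optional, Set


class Forbidden(Exception):
    """Caller does not own / was not offered this trip (maps to HTTP 403)."""


class InvalidState(Exception):
    """Trip or driver is not in a state where this action is allowed (HTTP 409)."""


@dataclass
class Trip:
    trip_id: str
    passenger_id: str                  # passenger who created the booking
    offered_driver_id: Optional[str]   # driver currently holding the offer
    state: str = "offered"             # offered | acknowledged | accepted | cancelled


def make_trips() -> Dict[str, Trip]:
    """Constructed sample store: one trip by passenger 'victim', offered to driver 'd1'."""
    return {"trip-100": Trip("trip-100", passenger_id="victim", offered_driver_id="d1")}


def acknowledge_vulnerable(trips: Dict[str, Trip], session_user_id: str, trip_id: str) -> str:
    """/acknowledged_the_offer as described in the report: trip_id from the request
    is trusted and never compared with the authenticated user, so any caller can
    acknowledge (and thereby join) someone else's trip."""
    trip = trips[trip_id]
    trip.state = "acknowledged"
    return trip.state


def acknowledge_fixed(trips: Dict[str, Trip], session_user_id: str, trip_id: str) -> str:
    """Hardened /acknowledged_the_offer: the authenticated passenger must own the trip."""
    trip = trips.get(trip_id)
    # One error for "no such trip" and "not your trip", so the response does not
    # confirm which trip_ids exist.
    if trip is None or trip.passenger_id != session_user_id:
        raise Forbidden(trip_id)
    if trip.state != "offered":
        raise InvalidState(trip.state)
    trip.state = "acknowledged"
    return trip.state


def accept_fixed(trips: Dict[str, Trip], session_driver_id: str, trip_id: str,
                 online_drivers: Set[str]) -> str:
    """Hardened /accept: only the driver the offer was made to, only while that
    driver is still online, and only while the trip is waiting for acceptance."""
    trip = trips.get(trip_id)
    if trip is None or trip.offered_driver_id != session_driver_id:
        raise Forbidden(trip_id)
    if session_driver_id not in online_drivers:
        raise InvalidState("driver offline")
    if trip.state != "acknowledged":   # rejects cancelled and already-accepted trips
        raise InvalidState(trip.state)
    trip.state = "accepted"
    return trip.state


def outcome(handler, *args) -> str:
    """Run a handler and reduce its result to a short string for comparison."""
    try:
        return "ok:" + handler(*args)
    except Forbidden:
        return "forbidden"
    except InvalidState as exc:
        return "invalid_state:" + str(exc)


if __name__ == "__main__":
    print(outcome(acknowledge_vulnerable, make_trips(), "attacker", "trip-100"))  # ok:acknowledged
    print(outcome(acknowledge_fixed, make_trips(), "attacker", "trip-100"))       # forbidden
```

The two fixed handlers take the caller's identity from the session, never from the request body, and return the same error for a missing trip and a trip the caller does not own. The state and online checks in accept_fixed are what stop a driver being pushed into a trip they have already cancelled or left by going offline.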
Reported by: grassye
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Insecure Direct Object Reference (IDOR)