Access to private files of helpdesk.

Medium
Lark Technologies
Submitted None

Team Summary

Official summary from Lark Technologies

An improperly implemented access controls vulnerability was found at a Larksuite endpoint that could have resulted in a team founder, who was also an admin of a separate helpdesk, viewing an arbitrary image from a ticket they did not have permission to view. We thank @imran_nisar for reporting this to our team.

Reported by imran_nisar

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Improper Access Control - Generic