Restrict search permissions

Closes #1642

What does this MR do?

General search endpoint /search/all:

• Foodsaver don't see the town in the preview but the home region
• In contrast to ambassadors, working groups admins don't have any additional permissions anymore
• Ambassadors only see the address in the preview of people from their regions

User search endpoint /search/user:

• Searching by ID is restricted to the region (used in the store team component)

How confident are you it won't break things if deployed?

Not very sure. The search api is a mess.

How to test

Most of it should be covered by the unit tests. Try logging in as different users and search for people in your region as well as in other regions.

Checklist

• added a test, or explain why one is not needed/possible...
• no unrelated changes
• asked someone for a code review
• set a "for:" label to indicate who will be affected by this change
• added to the next milestone (see https://gitlab.com/foodsharing-dev/foodsharing/-/milestones, unless it has a "for:Dev" label)
• added an entry to CHANGELOG.md
• added a short text that can be used in the release notes
• Once your MR has been merged, you are responsible to create a testing issue in the Beta Testing forum: https://foodsharing.de/?page=bezirk&bid=734&sub=forum. Please change the MRs label to "state:Beta testing".
  • Consider writing a detailed description in German.
  • Describe in a few sentences, what should be tested from a user perspective.
  • Also mention different settings (e.g. different browsers, roles, ...) how this change can be tested.
  • Be aware, that also non technical people should understand.

Release notes text in German

Die Berechtigungen der Suchfunktion wurden eingeschränkt. Foodsaver können nur im Stammbezirk und dessen Unterbezirken suchen. Nur Botschafter*innen können Nachnamen in den Suchergebnissen sehen.

Closes #1642