Unauthorized disclosure of wiki pages in search

Summary

Wiki pages appear in search results even though the wiki permission is set to Only team members.

Steps to reproduce

What is the current bug behavior?

Search shows the content of wiki pages that match the searched query.

Opening the wiki pages directly, though, results in: Access denied.

What is the expected correct behavior?

Not to show wiki pages.

Relevant logs and/or screenshots

Project settings:

Screen_Shot_2017-04-19_at_6.28.16_PM

Result page:

Screen_Shot_2017-04-19_at_6.27.33_PM

The same issue occurs when the project visibility is internal and a user outside the project group searches.