Non-readable topic/assoc may become visible through client-sync
The Topicmaps module broadcasts addTopicToTopicmap
/addAssocToTopicmap
websocket messages to all connected clients. Thus a topic/assoc might become visible on a topicmap even if the user lacks READ permission.
This happens e.g. when private topics/assocs are revealed on a shared topicmap.
Fix: for every websocket connection check if the associated user has READ permission for the topic/assoc. Only send message if so.
This is a follow-up of https://git.dmx.systems/dmx-intern/sprint-planning/-/issues/214#note_15396