GHSA-v6qf-75pr-p96m: Open WebUI: Authenticated users can bypass model access control via exposed query parameter [AI-ASSISTED]

Open WebUI has a security flaw where an internal-only parameter called `bypass_filter` is accidentally exposed through the HTTP query string on chat endpoints. Any authenticated user can append `?bypass_filter=true` to requests, which skips access control checks (the rules that prevent regular users from using admin-restricted models), allowing them to use models they shouldn't have permission to access.