IA Squad
js · nocodb · Heads-up

NocoDB: Public shared-view endpoints no longer expose hidden column values

09 Jun 2026 · Read 1 min · Severity: schedule it

What changed

Public shared-view endpoints no longer expose hidden column values. The `sanitizeListArgsForPublicView` helper strips unauthorized request keys, restricts `where` clauses to visible columns, and removes filter/sort entries referencing hidden columns. `validateGroupByColumnNames` and `validateGroupColumnId` reject groupBy requests for hidden columns. `relDataList` now verifies that the linked table belongs to the same model as the current view.
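
A minimal sketch of the allowlist approach described above, added for this summary and not taken from NocoDB's code. The function names, the allowed-key list and the `(column,op,value)` where syntax are assumptions.

```javascript
// Added illustration; not NocoDB's implementation. All names are hypothetical.
const ALLOWED_KEYS = new Set(['where', 'sort', 'fields', 'limit', 'offset']);

// Column names referenced by a "(column,op,value)~and(...)" clause (syntax assumed).
function whereColumns(where) {
  return [...where.matchAll(/\(\s*([^(),]+?)\s*,/g)].map((m) => m[1]);
}

// Keep only comma-separated entries naming a visible column ("-col" = descending sort).
function keepVisible(list, visible) {
  return list.split(',').map((s) => s.trim())
    .filter((s) => visible.has(s.replace(/^[-+]/, '')))
    .join(',');
}

function sanitizePublicListArgs(query, visibleColumns) {
  const visible = new Set(visibleColumns);
  const out = {};
  for (const [key, value] of Object.entries(query)) {
    // Allowlist: unknown keys and non-string values (arrays, objects) are dropped.
    if (ALLOWED_KEYS.has(key) && typeof value === 'string') out[key] = value;
  }
  if ('where' in out) {
    const cols = whereColumns(out.where);
    // A filter on a hidden column turns row counts into an oracle for its value,
    // so the whole clause is dropped; an unparseable clause is dropped too.
    if (cols.length === 0 || !cols.every((c) => visible.has(c))) delete out.where;
  }
  for (const key of ['sort', 'fields']) {
    if (!(key in out)) continue;
    out[key] = keepVisible(out[key], visible);
    if (out[key] === '') delete out[key];
  }
  return out;
}

// groupBy is rejected outright rather than silently rewritten.
function validateGroupBy(columnName, visibleColumns) {
  if (!visibleColumns.includes(columnName)) {
    throw new Error('groupBy column is not available in this view');
  }
  return columnName;
}

// Constructed request against a view that shows Title and Status but hides Salary.
const sample = sanitizePublicListArgs({ where: '(Status,eq,open)~and(Salary,gt,100000)',
  sort: '-Salary,Title', fields: 'Title,Salary', limit: '25', nested: 'x' }, ['Title', 'Status']);
console.log(sample);
```

Dropping the whole `where` clause returns the same rows as an unfiltered request, so the response carries no signal about the hidden column.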

Who it affects

All NocoDB instances that use public shared views. Anyone with a shared-view UUID could previously enumerate hidden column values, confirm hidden values via filter row counts, or read records from unrelated tables in the same base.

What to do today

Update NocoDB to the latest version that includes the fix for this advisory.
