IA Squad
python · open-webui · Critical

Open WebUI: Unvalidated file IDs in model meta.knowledge allow unauthorized file access

18 Jun 2026 · Severity: act now

What changed

Open WebUI allows users with workspace model permissions to store arbitrary file IDs in model meta.knowledge without ownership validation. This enables reading and deleting files owned by other users via the built-in view_file tool and file API endpoints.

Who it affects

All Open WebUI instances where users have workspace.models or workspace.models_import permissions, or write access to existing models.

What to do today

Apply the recommended fix: validate meta.knowledge entries on model create, update, and import to require file ownership or explicit access; remove authorization bypass in view_file and has_access_to_file.
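
A sketch of the write-time half of that fix, added here as an illustration and not taken from Open WebUI's code: each file ID in meta.knowledge is checked for ownership or an explicit grant before the model is saved. `FileRecord`, `validate_knowledge`, the `shared_with` field and the entry shape `{"id": ...}` are assumptions made for this example.

```python
from dataclasses import dataclass, field


@dataclass
class FileRecord:
    """Constructed stand-in for a stored file row (not Open WebUI's schema)."""
    id: str
    owner_id: str
    shared_with: set = field(default_factory=set)  # user ids with explicit access


class KnowledgeValidationError(Exception):
    """meta.knowledge references a file the caller may not attach."""


def can_use_file(user_id, record):
    # Ownership or an explicit grant only; write access to the model
    # itself never implies access to the files it points at.
    return record is not None and (
        record.owner_id == user_id or user_id in record.shared_with
    )


def validate_knowledge(user_id, meta, files):
    """Check every entry of meta['knowledge']; return the accepted file ids.

    Assumed entry shape: {"id": "<file id>"}. Intended to run on model
    create, update and import, before anything is persisted.
    """
    knowledge = meta.get("knowledge") or []
    if not isinstance(knowledge, list):
        raise KnowledgeValidationError("meta.knowledge must be a list")
    accepted = []
    for entry in knowledge:
        if not isinstance(entry, dict) or not isinstance(entry.get("id"), str):
            raise KnowledgeValidationError("malformed knowledge entry")
        # Unknown and forbidden ids raise the same error, so the response
        # does not disclose which file ids exist.
        if not can_use_file(user_id, files.get(entry["id"])):
            raise KnowledgeValidationError("file not found or access denied")
        accepted.append(entry["id"])
    return accepted


# Constructed sample data: alice owns both files, bob is granted one.
FILES = {
    "f-alice": FileRecord("f-alice", owner_id="alice"),
    "f-shared": FileRecord("f-shared", owner_id="alice", shared_with={"bob"}),
}
```

The same `can_use_file` decision has to hold at read time as well, since validation on write does not cover models stored before the fix.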
