fix: prevent access to docs in trash from deleted private collections (#2431)

* Check for collection in deleted document

* Add tests

* Use update policy

* Set paranoid to false when fetching deleted doc

* Update policy

server/policies/document.js

@@ -135,6 +135,11 @@ allow(User, "permanentDelete", Document, (user, document) => {
 allow(User, "restore", Document, (user, document) => {
   if (user.isViewer) return false;
   if (!document.deletedAt) return false;
+
+  if (document.collection && cannot(user, "update", document.collection)) {
+    return false;
+  }
+
   return user.teamId === document.teamId;
 });