fix(security): clamp limit parameter in user search

The `index(string $filter = '', int $limit = 5)` method accepts client-controlled `limit` and passes it directly to collaborator search. Without an upper bound, an attacker can request very large limits, causing expensive directory lookups and increased response size.

Signed-off-by: tomaioo <203048277+tomaioo@users.noreply.github.com>

Author: tomaioo

lib/Controller/UserApiController.php

@@ -37,6 +37,7 @@ public function __construct(
 	#[NoAdminRequired]
 	#[RequireDocumentSession]
 	public function index(string $filter = '', int $limit = 5): DataResponse {
+		$limit = min($limit, 50);
 		$sessions = $this->sessionService->getAllSessions($this->getSession()->getDocumentId());
 
 		$users = [];