fix(api): enforce ownership check for conversation delete

[laipz8200]

Important

1. Make sure you have read our contribution guidelines
2. Ensure there is an associated issue and you have been assigned to it
3. Use the correct syntax to link this PR: Fixes #<issue number>.

Summary

Follow-up #23591

• Fix unauthorized conversation deletion in console installed-app conversations.
• Root cause: ConversationService.delete deleted by Conversation.id directly, without ownership checks.
• Restore authorization boundary by resolving the conversation through get_conversation(...) (scoped by app, source, and current user) before deletion.
• Add regression test covering cross-account delete attempts to ensure it raises ConversationNotExistsError, preserves the conversation row, and does not trigger async cleanup.

Screenshots

Before	After
N/A (backend-only security fix)	N/A (backend-only security fix)

Checklist

• This change requires a documentation update, included: Dify Document
• I understand that this PR may be closed in case there was no previous discussion or issues. (This doesn't apply to typos!)
• I've added a test for each change that was introduced, and I tried as much as possible to make a single atomic change.
• I've updated the documentation accordingly.
• I ran make lint and make type-check (backend) and cd web && npx lint-staged (frontend) to appease the lint gods

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[github-actions]

Pyrefly Diff

No changes detected.

[github-actions]

Pyrefly Diff

No changes detected.

[github-actions]

Pyrefly Diff

No changes detected.

[github-actions]

Pyrefly Diff

No changes detected.

[github-actions]

Pyrefly Diff

No changes detected.

[github-actions]

Pyrefly Diff

No changes detected.