chore: Ensure privilege validations for API endpoints (#2224)

Co-authored-by: Pranav Raj S <pranav@chatwoot.com>

spec/controllers/api/v1/accounts/inboxes_controller_spec.rb

@@ -267,6 +267,10 @@ RSpec.describe 'Inboxes API', type: :request do
   describe 'GET /api/v1/accounts/{account.id}/inboxes/{inbox.id}/agent_bot' do
     let(:inbox) { create(:inbox, account: account) }
 
+    before do
+      create(:inbox_member, user: agent, inbox: inbox)
+    end
+
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
         get "/api/v1/accounts/#{account.id}/inboxes/#{inbox.id}/agent_bot"