fix: Remove account_id from params since it is not used (#13116)

account_id was permitted in strong parameters, allowing authenticated
admins to transfer resources (Portals, Automation Rules, Macros) to
arbitrary accounts.

 Fix: Removed account_id from permitted params in 4 controllers:
  - portals_controller.rb
  - automation_rules_controller.rb
  - macros_controller.rb
  - twilio_channels_controller.rb

app/controllers/api/v1/accounts/macros_controller.rb

@@ -60,7 +60,7 @@ class Api::V1::Accounts::MacrosController < Api::V1::Accounts::BaseController
 
   def permitted_params
     params.permit(
-      :name, :account_id, :visibility,
+      :name, :visibility,
       actions: [:action_name, { action_params: [] }]
     )
   end