A "sudo" user can add and remove "owner" users (including themselfs)

[penggrin12]

• [x] This bug is related to Hikka userbot itself. It is not related to modules.

  Describe the bug A 'sudo' user can use owneradd on themselfs

To Reproduce Steps to reproduce the behavior:

1. Add someone to the sudo group
2. Now they can do .owneradd on themselfs, giving them owner access

Expected behavior Some sort of "Permission Denied" error

Userbot installation info:

• Platform:
  • [ ] 🕶️ Termux
  • [ ] ✌️ lavHost
  • [ ] ☁️ Okteto
  • [x] 🐳 Docker
  • [x] 🌺 Other platform (Lumihost)

• Hikka version: 1.6.1 #7008b54 (https://github.com/hikariatama/Hikka/commit/7008b54869ad16f04f2a573d7c93379ceef82db5)

Additional context An easy fix should be just to add @loader.owner on all of the *add and *rm commands in hikka_security.py (thanks to @visionavtr, for finding this out)

[hikariatama]

• Give sudo only to trusted ppl
• Always check security rules of chosen group (in this case - sudo)
• Use .tsec, it's a more convenient way to add security rules. Groups (owner, sudo and support) are kept as legacy and should not be used. If you use them, you should migrate to .tsec instead