kshitijyelpale / blockchain-hyperledger-fabric-electronic-patient-records

GNU General Public License v3.0

Privacy leakage in asset_transfer.go #69

Open ghost opened 6 months ago

ghost commented 6 months ago

Describe the bug: Privacy leakage in app/asset-transfer-private-data/chaincode-go/chaincode/asset_transfer.go

To Reproduce

  1. Deploy asset_transfer.go, along with the PDC definition.
  2. Invoke the AgreeToTransfer function to write the private data P to the PDC.
  3. Fetch the block and find corresponding transaction.
  4. The private data P can be found in the "payload" field.

Expected behavior: The private data will be included in the transaction and all peers can access it.

Screenshots: The private data is recorded in base64. [image]


Additional context: leakage occurs in lines 213, 289, 102, 308, 316, 445, 459, 528.
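Added illustration, not code from this repository or from Fabric, of one common cause of what the report shows and of the chaincode pattern that avoids it: the arguments of a chaincode invocation are part of the transaction that every peer stores in the block, while the transient field is not. The Stub interface, the FakeStub and the collection name assetCollection are assumptions of this demo.

```go
package main

import "errors"
// Stub names the shim.ChaincodeStubInterface methods used below (Fabric's
// signatures); the interface and FakeStub are assumptions of this demo.
type Stub interface {
	GetArgs() [][]byte
	GetTransient() (map[string][]byte, error)
	PutPrivateData(collection, key string, value []byte) error
}

// FakeStub models what a peer persists: Args are part of the transaction every
// peer stores in the block, Transient is never written, PDC is members-only.
type FakeStub struct {
	Args      [][]byte
	Transient map[string][]byte
	PDC       map[string][]byte // initialise before use
}

func (s *FakeStub) GetArgs() [][]byte                       { return s.Args }
func (s *FakeStub) GetTransient() (map[string][]byte, error) { return s.Transient, nil }
func (s *FakeStub) PutPrivateData(c, k string, v []byte) error {
	s.PDC[c+"/"+k] = v
	return nil
}
const collection = "assetCollection" // collection name assumed for the demo

// Leaky: the private value arrives as a plain argument, so it is already in the
// block before PutPrivateData runs. This is the pattern the report describes.
func AgreeToTransferLeaky(stub Stub) error {
	args := stub.GetArgs() // [function, assetID, privateValue]
	if len(args) < 3 {
		return errors.New("usage: AgreeToTransfer <assetID> <value>")
	}
	return stub.PutPrivateData(collection, string(args[1]), args[2])
}

// Safe: the value comes from the transient field, which the peer leaves out of
// the transaction, so only the PDC ever holds it.
func AgreeToTransferSafe(stub Stub) error {
	args := stub.GetArgs() // [function, assetID]
	t, err := stub.GetTransient()
	if err != nil {
		return err
	}
	v, ok := t["asset_value"]
	if len(args) < 2 || !ok {
		return errors.New("usage: AgreeToTransfer <assetID> with asset_value in transient")
	}
	return stub.PutPrivateData(collection, string(args[1]), v)
}
```

The same check the report performs on a real network, fetching the block and searching it for the value, is what a reviewer should run after switching to the transient-field pattern.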

ghost commented 6 months ago

According to the Docs, the functions that query private data should be read-only.