Tighter access checks on ingestion endpoints

The ingestion read, item, stream, and delete endpoints now require explicit tenant membership rather than just an authenticated session, closing a gap where any signed-in user could read another tenant's ingested items by guessing the URL.