/api/v1/statuses/:id/context: filter context activities using Visibility.visible_for_user?/2

This prevents the backend from leaking context activities around an activity to users who shouldn't have access to them.

Issue #2927.