security: fix cross-repository label modification vulnerability (#8123)

https://github.com/gogs/gogs/security/advisories/GHSA-cv22-72px-f4gh

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

internal/route/repo/issue.go

@@ -1056,9 +1056,9 @@ func NewLabel(c *context.Context, f form.CreateLabel) {
 }
 
 func UpdateLabel(c *context.Context, f form.CreateLabel) {
-	l, err := database.GetLabelByID(f.ID)
+	l, err := database.GetLabelOfRepoByID(c.Repo.Repository.ID, f.ID)
 	if err != nil {
-		c.NotFoundOrError(err, "get label by ID")
+		c.NotFoundOrError(err, "get label of repository by ID")
 		return
 	}