Filter searched toots to be consistent with blocking behaviors (#5383)

app/controllers/api/v1/search_controller.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class Api::V1::SearchController < Api::BaseController
+  include Authorization
+
   RESULTS_LIMIT = 5
 
   before_action -> { doorkeeper_authorize! :read }
@@ -9,12 +11,24 @@ class Api::V1::SearchController < Api::BaseController
   respond_to :json
 
   def index
-    @search = Search.new(search_results)
+    @search = Search.new(search)
     render json: @search, serializer: REST::SearchSerializer
   end
 
   private
 
+  def search
+    search_results.tap do |search|
+      search[:statuses].keep_if do |status|
+        begin
+          authorize status, :show?
+        rescue Mastodon::NotPermittedError
+          false
+        end
+      end
+    end
+  end
+
   def search_results
     SearchService.new.call(
       params[:q],