api: Don't allow editing non-editable flags.

Previously, we didn't have validation to prevent editing certain flags
that don't make sense for a client to edit, like whether a user was
mentioned in a given message.

This isn't a security issue -- the user could only mess up their own
personal search results (etc.), but it does seem worth fixing to avoid
confusion for folks developing Zulip clients.

While we're at it, clearly document the situation in comments.
Tim Abbott
2019-06-04 00:26:45 -07:00
parent 5a130097bf
commit fa77467d5d
3 changed files with 52 additions and 7 deletions


@@ -4120,9 +4120,12 @@ def do_update_message_flags(user_profile: UserProfile,
operation: str,
flag: str,
messages: List[int]) -> int:
valid_flags = [item for item in UserMessage.flags if item not in UserMessage.NON_API_FLAGS]
valid_flags = [item for item in UserMessage.flags
if item not in UserMessage.NON_API_FLAGS]
if flag not in valid_flags:
raise JsonableError(_("Invalid flag: '%s'") % (flag,))
if flag in UserMessage.NON_EDITABLE_FLAGS:
raise JsonableError(_("Flag not editable: '%s'") % (flag,))
flagattr = getattr(UserMessage.flags, flag)
assert messages is not None
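Review bot: the new `NON_EDITABLE_FLAGS` check sits between the `valid_flags` test and the `getattr` with no comment explaining why these flags are rejected, although the commit message says the situation is documented in comments; if that explanation lives next to the definition of `UserMessage.NON_EDITABLE_FLAGS`, a one-line pointer here (e.g. `# Server-managed flags such as 'mentioned' cannot be set by clients; see UserMessage.NON_EDITABLE_FLAGS`) would spare anyone debugging this error path a lookup. Also, because the check runs only after the `valid_flags` test, a flag that appears in both `NON_API_FLAGS` and `NON_EDITABLE_FLAGS` reports "Invalid flag" rather than "Flag not editable"; that precedence looks intentional, but a test covering both error messages would pin it down.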