fix: Security best practice URL (#4928)

Author: jessiemongeon1

doc/md/writing-motoko/message-inspection.md

@@ -56,7 +56,7 @@ An actor that fails to declare system field `inspect` will simply accept all ing
 
 :::danger
 
-System function `inspect` should **not** be used for definitive access control. This is because `inspect` is executed by a single replica, without going through full consensus. Its result could be spoofed by a malicious boundary node. Also `inspect` is not invoked for inter-canister calls. Reliable access control checks can only be performed within the `shared` functions guarded by `inspect`. See [canister development security best practices](https://internetcomputer.org/docs/current/developer-docs/security/rust-canister-development-security-best-practices#do-not-rely-on-ingress-message-inspection) for more information.
+System function `inspect` should **not** be used for definitive access control. This is because `inspect` is executed by a single replica, without going through full consensus. Its result could be spoofed by a malicious boundary node. Also `inspect` is not invoked for inter-canister calls. Reliable access control checks can only be performed within the `shared` functions guarded by `inspect`. See [canister development security best practices](https://internetcomputer.org/docs/building-apps/security/iam/#do-not-rely-on-ingress-message-inspection) for more information.
 
 :::
 
@@ -120,4 +120,4 @@ instead of expected type
   } -> Bool
 ```
 
-<img src="https://github.com/user-attachments/assets/844ca364-4d71-42b3-aaec-4a6c3509ee2e" alt="Logo" width="150" height="150" />
+<img src="https://github.com/user-attachments/assets/844ca364-4d71-42b3-aaec-4a6c3509ee2e" alt="Logo" width="150" height="150" />