- feat: bound and de-duplicate the bulk-generate `ids` array — duplicate IDs are collapsed and requests above the new `maxBulkGenerateIds` option (default 100) are rejected with `400`, so a single request can no longer fan out into an unbounded number of paid resolver calls
- fix: enforce collection access control in the generate and bulk-generate endpoints by running the Local API reads and writes under the requesting user (`overrideAccess: false`)
- fix: return the real HTTP status for access errors in the generate and bulk-generate endpoints — a `Forbidden` now responds `403` (and fails the whole bulk request instead of listing every id as errored) rather than a generic `500`, giving API clients an accurate, non-retryable signal
- fix: reject requests to the generate and bulk-generate endpoints that target a collection the plugin does not manage with `403`, before any document read or write
- fix: filter the alt text health report (endpoint and dashboard widget) to the collections the requesting user may read, so the aggregate no longer discloses counts and document IDs for collections their role cannot access
- feat: `healthCheck` now accepts an access function that gates the health endpoint and hides the dashboard widget, letting the collection-wide report be restricted (e.g. to admins) separately from the generate endpoints
- fix: respect update access in the admin UI — render the alt text field read-only and hide the single-document and bulk generate buttons for users without update access
- fix: reject a generate request whose `locale` is not among the configured locales with `400`, so a write can't target an unconfigured locale and an arbitrary string can't be interpolated into the resolver's prompt
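
The request checks listed above (managed collection, configured locale, bounded and de-duplicated `ids`), sketched as one validator. This is an added example, not the plugin's own code: the function name, the config shape, the order of the checks, applying the locale check to a bulk request, and applying the cap after de-duplication are all assumptions.

```javascript
// Added illustration, not the plugin's source. Function name, config shape and
// check order are assumptions; the status codes, the option name
// maxBulkGenerateIds and its default of 100 come from the release notes.
const DEFAULT_MAX_BULK_GENERATE_IDS = 100;

function validateBulkGenerateRequest(body, config) {
  const max = config.maxBulkGenerateIds ?? DEFAULT_MAX_BULK_GENERATE_IDS;
  const reject = (status, message) => ({ ok: false, status, message });

  if (body === null || typeof body !== 'object') return reject(400, 'body must be an object');

  // Unmanaged collection: refuse with 403 before touching any document.
  if (!config.collections.includes(body.collection)) {
    return reject(403, 'collection is not managed by the plugin');
  }

  // Locale is an exact-match allowlist lookup, never pattern-cleaned, so no
  // free-form string can reach a write or the resolver's prompt.
  if (body.locale !== undefined && !config.locales.includes(body.locale)) {
    return reject(400, 'locale is not configured');
  }

  if (!Array.isArray(body.ids)) return reject(400, 'ids must be an array');

  // Collapse duplicates, keeping first-seen order. Keying on the string form
  // (so 7 and "7" count once) is an assumption of this sketch.
  const seen = new Map();
  for (const id of body.ids) {
    const valid = (typeof id === 'string' && id.length > 0) || Number.isInteger(id);
    if (!valid) return reject(400, 'ids must be non-empty strings or integers');
    if (!seen.has(String(id))) seen.set(String(id), id);
  }
  const ids = [...seen.values()];

  // Assumption: the cap applies to the de-duplicated list, since each unique
  // id is what costs one paid resolver call.
  if (ids.length === 0) return reject(400, 'ids must not be empty');
  if (ids.length > max) return reject(400, `at most ${max} ids per request`);

  return { ok: true, collection: body.collection, locale: body.locale, ids };
}
```

Access control itself is not modelled here; per the notes it comes from running the Local API calls with `overrideAccess: false` under the requesting user.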