Bug: Calendar event attendee can modify event time without being organizer #15

Open
aaronsb opened this issue Feb 18, 2025 · 0 comments
Labels: bug, calendar, security

aaronsb commented Feb 18, 2025

Description

When using the manage_workspace_calendar_event function with action: "update_time", an attendee who is not the event organizer can modify the event time. This should not be possible as only the event organizer should have permission to modify the event.

Steps to Reproduce

  1. Create a calendar event from Account A and invite Account B
  2. Using Account B (an attendee), call manage_workspace_calendar_event with:
    • action: "update_time"
    • Provide new start/end times
    • Use the original event ID

Expected Behavior

  • The API should return an error or permission denied when a non-organizer attempts to modify the event time
  • Non-organizers should only be able to propose new times using action: "propose_new_time"

Actual Behavior

  • The API successfully updates the event time
  • The change is applied immediately without requiring organizer approval
  • The event is modified in all attendees' calendars

Impact

This allows any attendee to modify event times without permission, which could lead to:

  • Unauthorized schedule changes
  • Confusion among attendees
  • Potential abuse of calendar permissions

Suggested Fix

Add permission checking to ensure only the event organizer can use the update_time action. Non-organizers should receive an appropriate error message directing them to use propose_new_time instead.

@aaronsb aaronsb added bug Something isn't working calendar security labels Feb 18, 2025
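
One way to implement the check suggested in this issue, as an added example rather than the project's own code. It assumes the handler has already fetched the event and knows the authenticated caller's email, and that the event carries organizer.email and attendees[].email; authorizeEventAction, Decision and the error codes are hypothetical names.

```typescript
// Added example: every name here except the two action strings is hypothetical.
interface CalendarEvent {
  id: string;
  organizer?: { email?: string };
  attendees?: { email?: string }[];
}
interface Decision { allowed: boolean; code: string; message: string }

// Compare identities case-insensitively and ignore stray whitespace.
const norm = (s?: string): string => (s ?? "").trim().toLowerCase();
const deny = (code: string, message: string): Decision => ({ allowed: false, code, message });
const OK: Decision = { allowed: true, code: "OK", message: "" };

// Call this before any write reaches the calendar backend.
function authorizeEventAction(event: CalendarEvent, callerEmail: string, action: string): Decision {
  const caller = norm(callerEmail);
  const organizer = norm(event.organizer?.email);
  const isAttendee = caller !== "" &&
    (event.attendees ?? []).some((a) => norm(a.email) === caller);

  switch (action) {
    case "update_time":
      // Fail closed: an unknown organizer or caller is never treated as a match.
      if (organizer === "" || caller === "") {
        return deny("ORGANIZER_UNKNOWN", "Cannot verify the event organizer; update_time refused.");
      }
      if (caller === organizer) return OK;
      return deny("NOT_ORGANIZER", isAttendee
        ? 'Only the organizer can use update_time. Use action "propose_new_time" instead.'
        : "Only the organizer can use update_time.");
    case "propose_new_time":
      // Proposals do not change the event, but still require a listed attendee.
      return isAttendee ? OK : deny("NOT_ATTENDEE", "Caller is not an attendee of this event.");
    default:
      // Actions missing from this table are refused rather than passed through.
      return deny("UNKNOWN_ACTION", "Action has no authorization rule: " + action);
  }
}

// Constructed sample mirroring the reproduction steps (Account A organizes, B attends).
const sampleEvent: CalendarEvent = {
  id: "evt-constructed-1",
  organizer: { email: "account.a@example.com" },
  attendees: [{ email: "account.b@example.com" }],
};
console.log(authorizeEventAction(sampleEvent, "account.b@example.com", "update_time"));
```

The default branch denies any action without a rule, so the tool's other actions would each need their own case before this guard is wired in.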