
Unnecessary Visibility of Who Has Access to the Information of a Product

Open Fatte1254 opened this issue 1 month ago • 0 comments

:warning: Note on feature completeness :warning:

We are narrowing the scope of acceptable enhancements to DefectDojo. Learn more here: https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md

Is your feature request related to a problem? Please describe

Problem: Users with the Writer or Reader role for a product can currently view all other users who also have access to that product. This visibility is unnecessary: they do not need to know which Admins, CISOs, or other privileged users have access to the associated Product. Users should only be able to see the names of individuals explicitly mentioned in the product description. Additionally, when creating an Engagement, they should not be able to assign Admins or CISOs as engagement leads, nor should they see all users who have access to that product.

Describe the solution you'd like

Solution: Implement restricted visibility and role-based selection control for product access and engagement creation. Limit the visibility of users with access to a product: only users explicitly listed in the product description should be visible to others. Restrict the selection of Test Leads during engagement creation so that Admin and CISO roles cannot be selected. This ensures that sensitive role information remains confidential and that only authorized roles can be assigned as engagement leads.

Fatte1254 avatar Nov 02 '25 04:11 Fatte1254
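The two rules in the request (who a Reader/Writer may see on a product, and who they may pick as engagement lead) can be sketched as a pair of filters that share one visibility function, so that a hidden user can never become a selectable lead. The example below is added here for illustration; it is not DefectDojo code and makes no claim about DefectDojo's models, role names or API. The role labels are taken from the issue text, the "explicitly mentioned in the product description" rule is modelled as a plain substring match on the description (an assumption), and the product, members and description are constructed sample data.

```python
"""Sketch of the visibility and lead-selection rules requested in the issue.

Added example, not DefectDojo's own code: the Product/Member shapes, the
role labels and the description-matching rule are all assumptions.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Roles from the issue text. "Admin" and "CISO" stand in for the
# privileged roles that should stay hidden from Reader/Writer users.
PRIVILEGED_ROLES = {"Admin", "CISO"}
LOW_PRIVILEGE_ROLES = {"Reader", "Writer"}


@dataclass(frozen=True)
class Member:
    name: str
    role: str


@dataclass
class Product:
    name: str
    description: str
    members: List[Member] = field(default_factory=list)

    def role_of(self, user: str) -> Optional[str]:
        for m in self.members:
            if m.name == user:
                return m.role
        return None


def mentioned_in_description(product: Product, member: Member) -> bool:
    # Assumption: a member is "explicitly mentioned" when their name appears
    # verbatim in the product description. A real implementation would use
    # an explicit list of contacts rather than substring matching.
    return member.name in product.description


def visible_members(product: Product, viewer: str) -> List[Member]:
    """Members that `viewer` may see on the product page.

    Non-members see nothing. Reader/Writer see only themselves and members
    named in the description. Every other role sees the full member list.
    """
    role = product.role_of(viewer)
    if role is None:
        return []
    if role not in LOW_PRIVILEGE_ROLES:
        return list(product.members)
    return [
        m for m in product.members
        if m.name == viewer or mentioned_in_description(product, m)
    ]


def eligible_leads(product: Product, viewer: str) -> List[Member]:
    """Members that `viewer` may pick as engagement lead.

    Built on top of visible_members so a hidden user is never offered, and
    Admin/CISO are additionally excluded for Reader/Writer viewers.
    """
    role = product.role_of(viewer)
    candidates = visible_members(product, viewer)
    if role in LOW_PRIVILEGE_ROLES:
        candidates = [m for m in candidates if m.role not in PRIVILEGED_ROLES]
    return candidates


def can_assign_lead(product: Product, viewer: str, lead: str) -> bool:
    """Server-side check run on the submitted form value.

    Hiding options in the dropdown is not enough: a crafted POST can still
    send any user id, so the same rule is re-evaluated on the server.
    """
    return any(m.name == lead for m in eligible_leads(product, viewer))


# Constructed sample data (not taken from the issue).
SAMPLE = Product(
    name="payments-api",
    description="Owned by the payments team; contact dana for questions.",
    members=[
        Member("alice", "Admin"),
        Member("bob", "CISO"),
        Member("carol", "Writer"),
        Member("dana", "Reader"),
        Member("erin", "Writer"),
    ],
)

if __name__ == "__main__":
    for viewer in ("carol", "alice", "mallory"):
        print(viewer,
              "sees:", [m.name for m in visible_members(SAMPLE, viewer)],
              "may assign:", [m.name for m in eligible_leads(SAMPLE, viewer)])
```

Running it shows carol (a Writer) seeing only herself and dana, who is named in the description, while alice (Admin) sees everyone; carol's attempt to assign alice as lead is rejected by `can_assign_lead` even though the name never appeared in her dropdown, which is the check that matters if the UI filter is bypassed.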