Api/DeckController: don't return sessions by other users

With 0af425c the `index` method was
changed to include sessions **of the current user** in the response if
all decks for a module get queried. But the added statement

```
...->with(['sessions') => function (...) {...}])->with('sessions.answerChoices')->...
```

actually doesn't work as intended, as the second `with` statement loads
all sessions and not only those for the subset of the first `with`
selection. Instead, the right approach seems to be to add the with
statement to the sessions subquery:

```
$query->where('user_id', '=', Auth::id())->with('answerChoices');
```

Author: schu

app/Http/Controllers/Api/DeckController.php

@@ -20,18 +20,17 @@ public function index(Request $request)
 
         if ($request->module) {
             // Return all public decks for the given module
-            return response()->json(
-                Deck::where([
-                    ['module_id', '=', $request->module],
-                    ['access', '=', 'public-rw-listed'],
-                ])
-                ->with('module', 'module.subject', 'questions:id,is_invalid', 'questions.images:id,question_id')
-                ->with(['sessions' => function ($query) {
-                    $query->where('user_id', '=', Auth::id());
-                }])
-                ->with('sessions.answerChoices')
-                ->get()
-            );
+            $decks = Deck::where([
+                ['module_id', '=', $request->module],
+                ['access', '=', 'public-rw-listed'],
+            ])
+            ->with('module', 'module.subject', 'questions:id,is_invalid', 'questions.images:id,question_id')
+            ->with(['sessions' => function ($query) {
+                $query->where('user_id', '=', Auth::id())->with('answerChoices');
+            }])
+            ->get();
+
+            return response()->json($decks);
         }
         if ($request->decks) {
             // Return the decks with the given IDs; this endpoint