Prevent admins and moderators eavesdropping in private and direct toots (#7067)

Fix #6986

app/controllers/admin/statuses_controller.rb

@@ -12,7 +12,7 @@ module Admin
     def index
       authorize :status, :index?
 
-      @statuses = @account.statuses
+      @statuses = @account.statuses.where(visibility: [:public, :unlisted])
 
       if params[:media]
         account_media_status_ids = @account.media_attachments.attached.reorder(nil).select(:status_id).distinct