I am guessing we should not allow for a user to pass a zed token from a client side? My guess is no because they can then ask for stale information (thinking in the context of perms getting removed here). I have a rest api that creates a "room" then goes into a websocket connection where I noticed that the updated authz info is still not reflected in authzed spacedb serverless. Any tips or patterns here people recommend? I don't want to recommend retrying to connect to get updated info so as a last resort I might just do fully consistent to get it working (but obviously don't want to do this because of the latency and loss of caching)