gutenberg_render_block_core_template_part should validate postId attribute as ID for a wp_template_part post

[bobbingwide]

Describe the bug
When I first started developing my experimental FSE theme called Fizzie I used export as CSV from the original site, updated the template parts, then tried to use them directly in another site.

I discovered that the postId attribute was not being fully validated.
This led to a lot of confusion until I determined that the posts being loaded were not template parts at all.

I realised that, so long as get_post_status() returns a non null value any content could be loaded.

To reproduce
Steps to reproduce the behavior:

1. Manually edit the postId attribute on a wp:template-part block to be a valid post ID.
2. View content that loads the template part.
3. See the content from the referenced post, which was not a template part.

Expected behavior
The post that's found using the postId attribute should only be used if the post_type of the post is wp_template_part.
The status should also be checked to be published.
Any other status should not be allowed.

Screenshots
See bobbingwide/fizzie#1 (comment)

Editor version (please complete the following information):

• WordPress version: [e.g: 5.3.2] 5.6-beta3
• Does the website has Gutenberg plugin installed, or is it using the block editor that comes by default? [e.g: "gutenberg plugin", "default"] 9.3.0 and Gutenberg source

Desktop (please complete the following information):

• OS: [e.g. iOS] Windows
• Browser [e.g. chrome, safari] Chrome
• Version [e.g. 22] Version 86.0.4240.111 (Official Build) (64-bit)

Additional context

• I discussed this with @youknowriad in a private conversation on Slack ( 2 Nov )
• Related: postids are included in block-template-parts & prevents FSE themes from being used across different sites.  #25845 which was fixed by FSE: Strip post ids from template part blocks on export. #26268 for new exports but doesn't cater for template part files created prior to the fix, nor users who use the code editor.

[bobbingwide]

Note: I have prototyped a fix for this in a local workaround to this and a few other problems.
See bobbingwide/fizzie#18 (comment)

[youknowriad]

@bobbingwide did you consider opening Pull Requests for some of these fixes?

[bobbingwide]

@youknowriad Yes I did. But my particular need for them to be fixed in Gutenberg right now has reduced as I have implemented local workarounds. I'm not good at creating PRs. I will try but I used to have problems with formatting pre-checks.

[youknowriad]

@bobbingwide Let me know if you need help with anything including checks.

[bobbingwide]

This problem has not been addressed in Gutenberg 10.2.0. It still only checks the post_status and not the post type of the post found using the post ID.
See #26734.