Splitting from T318166. Not setting as a security ticket as the cat is out of the bag.
Log actions stored by CheckUser that are in the logging table (and thus can be suppressed) are not hidden as CheckUser does not store the log ID so that it can look up the revision deletion status. This means that checkusers who do not have the oversight permissions can access oversighted logs.
To do this CheckUser needs to store any associated log ID. This will be done in T324907. Once this has been achieved this can be fixed.