"Request participants" custom field is not available when configuring a security level. So there is no way to both enable issue security and allow request participants to view these issues.

Documentation warns about this but offers no workaround:

Note that enabling these settings does not bypass JIRA issue-level security. If issue-level security (e.g. restricting an issue to only be viewable by the reporter) has been applied, participants may not be able to access their requests.

The workaround is to make use of Service Project Customer - Portal Access security group to meet this requirement:

Notably, if you wish to limit the Request's visibility to the Reporter & Request Participants, but not their Customer Organization (should the Request be shared with them), then as an alternative, use the User custom field value option instead, and sync Request Participants to that User Custom Field. This KB Article's steps can be repurposed to achieve that end.