For the record, to decrypt a message permanently, Enigmail uses code originally copied from the add-on "Header Tools Lite". Basically, the a new message is written into a file, that file is added as a message and then the original message is removed. The p≡p version of this code can be found here in
copyMessageToFolder(msgHdr, content, ...) where
msgHdr is the header of the message to be removed and
content is the MIME text of the new message:
This method has some disadvantages: The new message receives a new message header, the selection in the thread pane/message list is lost unless some additional hacks are implemented to display the "new" message, and it's visible to the user that one message disappears from the thread pane and then a new one arrives making for a rather strange behaviour. Maybe it's not that bad in the context of this bug since you plan to decrypt on filter action. There is also bug 280588 which calls for permanent decryption in local folders (due to the known search restrictions, bug 188988 and bug 1562737).
So for the benefit of all encryption solutions in the Thunderbird ecosystem, I would suggest to implement a function to replace the content of a given message in the backend. That would then trigger a re-display of the content without any unwanted side effects.
Please let us know what you think.