Open marien-probesys opened 1 year ago
The problem no longer applies, as I changed the AppVoter a few months ago (see https://github.com/Probesys/bileto/commit/2a003b0bae57c8fabc623ea1fec79e0713676c24). Now the voter can check that a user has permission to access a ticket, but it checks access to the organization first.
However, there are at least two problems due to this change that I didn't detect:
I'm still not sure if the initial change (forbidding access to a ticket even if the user is involved) was a good solution as it creates a situation where the user can have some data somewhere, but without access to it.
Today, if a user is an actor of a ticket (creator, assignee or requester), he has access to the ticket, even if he's not part of the organization that the ticket belongs to.
I wonder if we shouldn't change that so that, even when he's an actor of the ticket, he has no access to the ticket if he has no authorization to the orga.