Fix(LockedField): prevent purge of lockedField without authorization on the linked object entity

[stonebuzz]

Checklist before requesting a review

Please delete options that are not relevant.

• [x] I have read the CONTRIBUTING document.
• [x] I have performed a self-review of my code.
• [ ] I have added tests that prove my fix is effective or that my feature works.
• [ ] This change requires a documentation update.

Description

GLPI does not respect the current user's permissions when deleting (purging) a LockedField.

This allows a LockedField linked to an object from another entity to be deleted.

I am also questioning the handling of global LockedFields. Currently, anyone with the UPDATE permission can delete a global lock (with or without this PR), regardless of the entity, as the LockedField object does not include an entities_id.

• It fixes !35279

Screenshots (if appropriate):

[trasher]

Seems correct, could you add a test please?