Filter out audit logs that a user cannot see

[bloodearnest]

This change ensures that users don't see audit messages that they shouldn't see.

It uses exactly same logic as previous work hiding comments/votes from users. So, this means

• Request author and other non-output-checkers cannot see private comment audit logs from any turn
• When in INDEPENDENT phase, output-checkers cannot see each others audit logs for votes/comments from the current turn
• When in CONSOLIDATING phase, output-checkers can see each others audit logs for votes/comments from the current turn, but the author cannot
• When in AUTHOR phase, authors can now see the audit logs votes and public comment from the previous turn.
• When in COMPLETE phase, all items from all turns are visible, subject to private/public rules

Fixes #534

[bloodearnest]

I realise that some of the questions are about previous comment-visibility functionality that isn't specific to the audit log, but given that this is refactoring the previous visibility code, I think it's probably worth fixing here.

Right, there is separate ticket for this, think https://github.com/opensafely-core/airlock/issues/512

For the first 3 screen shots, I think the actual visiblity is correct (i.e. whether its shown or not)? But the text explaining the visibility is all kinds of wrong, which the issue above is tracking.

For the 4th screenshot, that is a bug, as noted in my reply to another comment: https://github.com/opensafely-core/airlock/pull/570#discussion_r1687881914

[bloodearnest]

I have renamed and clarified things with comments as suggested.

I have added coverage and fixed the interaction between reject/approved/release and visible comments by taking COMPLETE status into account.

I have also fixed #512 I think by only blinding comments from the current round.