MantisBT: master b41af6ed

Author: dhx
Committer: dhx
Branch: master
Timestamp: 2010-12-25 02:51
Parent: master bbcf0de0
Affected Issues: 0012553: Mantis user can not delete their own attachments
Changeset

Fix 0012553: Improve handling of allow_*_own_attachments options

There are three existing options that allow users to view, download and
delete their own attachments only (if they don't have wider permission
to view, download and delete ANY attachment within a project). These
options are:
$g_allow_view_own_attachments
$g_allow_download_own_attachments
$g_allow_delete_own_attachments

These options were not being factored into access checks correctly.
Instead of checking who uploaded the attachment we were checking whether
the current user is the reporter of the issue... sometimes.

It is important to note that the bug_get_attachments() function in
bug_api.php no longer performs any access checks. It is up to the caller
to filter the attachments and validate access permissions. Use
file_get_visible_attachments() from file_api.php instead if you want to
get a filtered list of attachments that factors in access levels.

Thank you to Frank Rodgers for an initial patch and ideas on how to
improve the handling of these options.
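The access rule the message describes, as an added illustration that is not code from MantisBT or from this commit: "own" is decided by the attachment's uploader rather than the issue's reporter, wider permission is a per-action access threshold, and the caller filters the raw attachment list in the manner of file_get_visible_attachments(). Function names, the threshold option names and the sample data are hypothetical; only the three allow_*_own_attachments option names come from the page.

```php
<?php
// Added illustration, not MantisBT code. Only the three allow_*_own_attachments
// option names come from the commit message; every other name is hypothetical.

// Constructed config: thresholds for acting on ANY attachment ("wider permission")
// and the three per-action "own attachment" switches from the commit message.
$config = array(
    'view_attachments_threshold'     => 55,    // hypothetical threshold names
    'download_attachments_threshold' => 55,
    'delete_attachments_threshold'   => 70,
    'allow_view_own_attachments'     => true,  // $g_allow_view_own_attachments
    'allow_download_own_attachments' => true,  // $g_allow_download_own_attachments
    'allow_delete_own_attachments'   => true,  // $g_allow_delete_own_attachments
);

// Pre-fix rule: "own" was judged by the issue's reporter, so a reporter could act on
// every attachment on their issue while a non-reporter could not touch their own upload.
function buggy_can_act_on_attachment($action, $issue, $user_id, $access_level, $config) {
    if ($access_level >= $config[$action . '_attachments_threshold']) {
        return true;
    }
    return $config['allow_' . $action . '_own_attachments'] && $issue['reporter_id'] == $user_id;
}

// Fixed rule: "own" means the attachment's uploader, regardless of who reported the issue.
function can_act_on_attachment($action, $attachment, $user_id, $access_level, $config) {
    if ($access_level >= $config[$action . '_attachments_threshold']) {
        return true;
    }
    return $config['allow_' . $action . '_own_attachments'] && $attachment['user_id'] == $user_id;
}

// Caller-side filtering in the spirit of file_get_visible_attachments(): the raw list
// carries no access decision, so the caller drops what the user may not view.
function visible_attachments(array $attachments, $user_id, $access_level, $config) {
    return array_values(array_filter($attachments, function ($a) use ($user_id, $access_level, $config) {
        return can_act_on_attachment('view', $a, $user_id, $access_level, $config);
    }));
}

// Constructed sample: issue reported by user 10; attachment 2 was uploaded by user 20.
$issue = array('reporter_id' => 10);
$attachments = array(
    array('id' => 1, 'user_id' => 10),
    array('id' => 2, 'user_id' => 20),
);
// User 20 has access level 25, below every threshold: with the fix they may delete
// their own upload, under the old reporter-based rule they could not, and they only
// see the attachment they uploaded.
var_dump(can_act_on_attachment('delete', $attachments[1], 20, 25, $config));
var_dump(buggy_can_act_on_attachment('delete', $issue, 20, 25, $config));
var_dump(count(visible_attachments($attachments, 20, 25, $config)));
```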

mod - api/soap/mc_issue_api.php
mod - file_download.php
mod - core/columns_api.php
mod - bug_view_inc.php
mod - core/file_api.php
mod - core/bug_api.php
mod - my_view_inc.php