
Fix - Include attachments in notification emails sent to anonymous requesters #23420

Open
RomainLvr wants to merge 1 commit into glpi-project:10.0/bugfixes from RomainLvr:fix/notification-attachments-anonymous-requester

@RomainLvr
Contributor

Checklist before requesting a review

Please delete options that are not relevant.

  • I have read the CONTRIBUTING document.
  • I have performed a self-review of my code.
  • I have added tests that prove my fix is effective or that my feature works.
  • This change requires a documentation update.

Description

  • It fixes !42123
  • Here is a brief description of what this PR does

When a ticket requester is anonymous, attachments added to followups, tasks, or solutions are partially included in the notification emails sent to them.

This is a regression introduced in 10.0.21 by #21225, which changed getAssociatedDocumentsCriteria() from bypassing rights entirely to performing explicit per-user rights checks. When the recipient is anonymous, User::getFromDBbyEmail() fails to find a matching account, leaving the User object in a "new item" state. User::hasRight() immediately returns false for any new item, so all rights checks fail and no attachments are collected.

PR #22846 (10.0.24) improved the situation for GLPI users with restricted rights but did not address the anonymous case.

Solution

In CommonITILObject::getAssociatedDocumentsCriteria(), an anonymous user (User object where isNewItem() === true) is now explicitly handled:

  • Followups & Tasks: the anonymous user is allowed to see documents linked to public items (is_private = 0) only.
  • Solutions: always included (no public/private concept on solutions).
  • Validations: unchanged because validation documents are not sent to anonymous requesters.

Tests

Five new test cases are added to testGetAssociatedDocumentsWithoutActiveSession to cover the anonymous user path.

@RomainLvr RomainLvr added the bug label Mar 9, 2026
@RomainLvr RomainLvr self-assigned this Mar 9, 2026
@RomainLvr RomainLvr requested review from Rom1-B and stonebuzz March 9, 2026 15:39
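
The visibility rule described in the PR, as an added example that is not GLPI's code or part of the pull request. The `Recipient` class, the `attachableDocuments()` function, the right names and the sample rows are hypothetical stand-ins. It assumes PHP 8 and treats any item type the rule does not name as not attachable.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the User object resolved from a recipient address.
final class Recipient
{
    /** @param string[] $rights hypothetical right names, one per item type */
    public function __construct(public bool $isNewItem, public array $rights = []) {}

    // Behaviour described in the PR: a "new item" never holds any right.
    public function hasRight(string $right): bool
    {
        return !$this->isNewItem && in_array($right, $this->rights, true);
    }
}

// Returns the names of documents that may be attached for this recipient.
function attachableDocuments(Recipient $r, array $items, bool $handleAnonymous): array
{
    $docs = [];
    foreach ($items as $item) {
        if ($handleAnonymous && $r->isNewItem) {
            $allowed = match ($item['type']) {
                'followup', 'task' => $item['is_private'] === 0, // public items only
                'solution'         => true,                      // no private flag
                default            => false,                     // validations, unknown types
            };
        } else {
            $allowed = $r->hasRight($item['type']); // per-user rights check
        }
        if ($allowed) {
            $docs[] = $item['doc'];
        }
    }
    return $docs;
}

// Constructed sample timeline for one ticket.
$items = [
    ['type' => 'followup',   'is_private' => 0, 'doc' => 'public-followup.pdf'],
    ['type' => 'followup',   'is_private' => 1, 'doc' => 'internal-notes.pdf'],
    ['type' => 'task',       'is_private' => 1, 'doc' => 'tech-task.log'],
    ['type' => 'solution',   'is_private' => 0, 'doc' => 'solution.txt'],
    ['type' => 'validation', 'is_private' => 0, 'doc' => 'approval.pdf'],
];
$anonymous = new Recipient(isNewItem: true);

var_dump(attachableDocuments($anonymous, $items, false)); // rights-only path
var_dump(attachableDocuments($anonymous, $items, true));  // anonymous branch enabled
```

With the anonymous branch disabled the result is an empty array, which is the regression; with it enabled only the public followup and the solution documents are returned, and private or validation documents stay out of the e-mail.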