Only detach Issues from changeset if authorized

A user can detach *any* Issue from a Changeset, even if they do not have
access to it (i.e. private Issue), by calling the Source/detach page
with the appropriate parameters.

Fixes #356

Author: dregad

Source/pages/detach.php

@@ -9,6 +9,8 @@
 $f_changeset_id = gpc_get_int( 'id' );
 $f_bug_id = gpc_get_int( 'bug_id' );
 
+access_ensure_bug_level( config_get('view_bug_threshold'), $f_bug_id );
+
 $t_changeset = SourceChangeset::load( $f_changeset_id );
 $t_changeset->load_bugs();