Jira Data Center / JRASERVER-34436

Skip view issue permission check during jql "issue in" validation for function operands

Details

    • Suggestion
    • Resolution: Fixed
    • 6.1
    • None
    • None

    Description

      NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.

      Currently, when performing an issue in X search using JQL (where X could be a literal, a function, or anything else), X is validated to ensure it contains only existing issues that the current user can see. If this validation fails, the whole JQL query fails to validate and the search is not run at all.

      After this change, validation-time permission checking in the issue in clause is done ONLY for non-function operands. At search time, however, the normal search process ensures that search results do not contain issues the user cannot see, regardless of the operand type. If the issue does not exist, a validation error still occurs.

      For example, for issue in watchedIssues(), if one of the issues that you've watched becomes inaccessible to you, where you would previously have seen a validation error, you will now see zero results.

      Currently: as part of the validation, the current user's permission to view the returned issues is checked, and any JQL query that returns one or more issues not viewable by the current user is considered invalid, so the actual search does not happen.

      In the happy-path case, when the query passes validation, the search using the JQL query still performs another permission check to make sure that no issues that violate the permission constraints are returned to the user. So the same permission check is performed twice: once during validation and again during search.

      In addition, JQL functions (e.g., LinkedIssuesFunction) that return issue ids for clauses like issue in have to perform their own permission check in their implementations, to make sure that they return only valid issue ids that pass JQL validation. This in effect adds another round of permission checks.

      After this change: since JQL functions are the main ones that might return a lot of issues, if we could get rid of the permission check step in JQL validation for issue in some-jql-functions, and rely only on the actual search to check permissions, we could eliminate up to two rounds of duplicated permission checks (one during JQL validation, and potentially another one in the JQL functions) for the majority of JQL search results.

      Note that the relaxation of the permission check at validation time applies only to the potential search results. If the JQL function accepts parameters that refer to issues, e.g., issue in linkedIssues("ABC-123"), it is still the responsibility of the JQL function implementation to check the user's permission to access ABC-123.
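
The validation-time and search-time behaviour described above, as a small Python model added here for illustration. It is not Jira's code or API: every function name, user and issue record below is constructed, and the `relaxed` flag stands for "after this change".

```python
# Simplified model of "issue in <operand>" handling. Constructed sample data.
ISSUES = {"ABC-123": "ABC", "ABC-124": "ABC", "SEC-1": "SEC"}  # key -> project
CAN_BROWSE = {"alice": {"ABC"}}          # user -> projects the user may view
WATCHED = {"alice": ["SEC-1"]}           # alice lost access to SEC after watching
LINKS = {"ABC-123": ["ABC-124", "SEC-1"], "SEC-1": ["ABC-123"]}


class ValidationError(Exception):
    """The query is rejected before any search is run."""


def can_see(user, key):
    return ISSUES.get(key) in CAN_BROWSE.get(user, set())


def watched_issues(user):
    # Function operand: returns raw issue keys without filtering them itself.
    return list(WATCHED.get(user, []))


def linked_issues(user, key):
    # The argument refers to an issue, so the function itself must still
    # check that the user may access it, even after the change.
    if key not in ISSUES or not can_see(user, key):
        raise ValidationError(f"issue {key} does not exist or is not visible")
    return list(LINKS.get(key, []))


def validate_issue_in(user, keys, from_function, relaxed):
    for key in keys:
        if key not in ISSUES:
            # Non-existent issues fail validation before and after the change.
            raise ValidationError(f"issue {key} does not exist")
        # Before: permission always checked here. After: only for operands
        # that do not come from a function (e.g. literals).
        if not (relaxed and from_function) and not can_see(user, key):
            raise ValidationError(f"no permission to view {key}")


def search_issue_in(user, keys, from_function=False, relaxed=True):
    validate_issue_in(user, keys, from_function, relaxed)
    # Search-time filter: applied regardless of the operand type.
    return [k for k in keys if can_see(user, k)]
```
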

            People

              Unassigned Unassigned
              zliu ZehuaA