Fix loose comparisons, missing response codes, and session handling

- ticket.js: escape dependency_id with lt.escHtml() in data attribute
- assign_ticket.php: strict (int) cast for ticket_id (> 0 check), authorization
  comparisons, and add missing http_response_code(400) on invalid user ID
- TicketView.php: strict (int) cast for priority select, assigned_to select,
  and comment ownership check
- CommentModel.php: strict (int) cast for parent_comment_id thread comparison
- UserModel.php: strict (int) cast for is_admin check
- export_tickets.php: conditional session_start() to avoid double-start warning

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

models/CommentModel.php

@@ -126,7 +126,7 @@ class CommentModel {
     private function buildCommentThread($comment, &$allComments) {
         $comment['replies'] = [];
         foreach ($allComments as $c) {
-            if ($c['parent_comment_id'] == $comment['comment_id']
+            if ((int)$c['parent_comment_id'] === (int)$comment['comment_id']
                 && isset($allComments[$c['comment_id']])) {
                 $comment['replies'][] = $this->buildCommentThread($c, $allComments);
             }

models/UserModel.php

@@ -227,7 +227,7 @@ class UserModel {
      * @return bool True if user is admin
      */
     public function isAdmin(array $user): bool {
-        return isset($user['is_admin']) && $user['is_admin'] == 1;
+        return isset($user['is_admin']) && (int)$user['is_admin'] === 1;
     }
 
     /**