Fix loose comparisons, missing response codes, and session handling

- ticket.js: escape dependency_id with lt.escHtml() in data attribute
- assign_ticket.php: strict (int) cast for ticket_id (> 0 check), authorization
  comparisons, and add missing http_response_code(400) on invalid user ID
- TicketView.php: strict (int) cast for priority select, assigned_to select,
  and comment ownership check
- CommentModel.php: strict (int) cast for parent_comment_id thread comparison
- UserModel.php: strict (int) cast for is_admin check
- export_tickets.php: conditional session_start() to avoid double-start warning

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-29 17:39:46 -04:00
parent 2e450dc01d
commit 7be283423a
6 changed files with 11 additions and 10 deletions
+1 -1
@@ -227,7 +227,7 @@ class UserModel {
* @return bool True if user is admin
*/
public function isAdmin(array $user): bool {
return isset($user['is_admin']) && $user['is_admin'] == 1;
return isset($user['is_admin']) && (int)$user['is_admin'] === 1;
}
/**
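Review bot: In isAdmin(), `(int)$user['is_admin'] === 1` accepts more values than the loose comparison it replaces, not fewer. The cast converts 1.9, true and a leading-numeric string such as '1abc' to 1 before the strict comparison runs, whereas on PHP 8 both `1.9 == 1` and `'1abc' == 1` are false. Since this is an authorization check, consider matching only the representations the data layer actually returns, for example `$user['is_admin'] === 1 || $user['is_admin'] === '1'`, or normalizing the column to int once where the user row is loaded. The docblock should also state the expected type of is_admin.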