Fix loose comparisons in authorization checks

- TicketModel.php: fix bind_param "sssi"→"issi" for ticketId in addComment()
- TicketModel.php: use strict (int) cast === for confidential ticket access check
- update_ticket.php: use strict (int) cast !== for creator/assignee auth check
- AttachmentModel.php: use strict (int) cast === for upload ownership check

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-28 22:35:48 -04:00
parent cfbef029cb
commit d33f761a55
3 changed files with 5 additions and 5 deletions
+1 -1
@@ -131,7 +131,7 @@ class AttachmentModel {
}
$attachment = $this->getAttachment($attachmentId);
return $attachment && $attachment['uploaded_by'] == $userId;
return $attachment && (int)$attachment['uploaded_by'] === (int)$userId;
}
/**
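Review bot: The `(int)` casts on the new return line collapse a missing value to 0, so a null `$userId` (no session) compared against a NULL or 0 `uploaded_by` yields `0 === 0` and grants ownership; the `$attachment &&` guard only covers a missing row, not a missing owner. If `uploaded_by` is nullable in the schema or `$userId` can arrive as null, reject those cases before comparing: `if ($userId === null || !$attachment || $attachment['uploaded_by'] === null) { return false; }` followed by `return (int)$attachment['uploaded_by'] === (int)$userId;`. Whether `$userId` is already validated as a positive integer upstream is not visible here. The enclosing method starts outside the hunk.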
+2 -2
@@ -468,7 +468,7 @@ class TicketModel {
$markdownEnabled = $commentData['markdown_enabled'] ? 1 : 0;
$stmt->bind_param(
"sssi",
"issi",
$ticketId,
$username,
$commentData['comment_text'],
@@ -591,7 +591,7 @@ class TicketModel {
// Confidential tickets: only creator, assignee, and admins
if ($visibility === 'confidential') {
$userId = $user['user_id'] ?? null;
return ($ticket['created_by'] == $userId || $ticket['assigned_to'] == $userId);
return ((int)$ticket['created_by'] === (int)$userId || (int)$ticket['assigned_to'] === (int)$userId);
}
// Internal tickets: check if user is in any of the allowed groups
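Review bot: The new confidential-ticket check still passes for a caller with no user id: `$userId` defaults to null on the line above, `(int)null` is 0, so an unassigned ticket whose `assigned_to` is NULL compares `0 === 0` and is granted to an anonymous or malformed `$user`. The old `==` had the same hole (`null == null` is true), so this commit removes the type juggling but not the null case. Reject a missing id first and compare `assigned_to` only when it is set: `if ($userId === null) { return false; }` then `return (int)$ticket['created_by'] === (int)$userId || ($ticket['assigned_to'] !== null && (int)$ticket['assigned_to'] === (int)$userId);`. The comment says admins are also allowed but no admin check appears in the hunk; presumably it is handled earlier in the method, which starts outside the hunk.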