show approvals in read-only mode when Object Lock is enabled

[f2cmb]

• I have read the CONTRIBUTING document.
• I have performed a self-review of my code.
• I have added tests that prove my fix is effective or that my feature works.
• This change requires a documentation update.

Description

• It fixes Ticket Approvals are not shown when ticket is not locked #23455
• Here is a brief description of what this PR does:

Ticket/Change approvals were hidden when viewing items in read-only mode (Object Lock enabled) because CommonITILValidation::canView() required write-level rights (CREATE/VALIDATE/PURGE) which get stripped by the lock profile.

Adds READ to the validation rights model so viewing approvals no longer requires write permissions.

[f2cmb]

Manual backoffice testing confirmed the fix across 5 scenarios :

• approvals are visible in read-only mode without Object Lock engaged,
• approvals remain visible when the ticket is locked by another user,
• the Read-Only profile can see approvals but has no action buttons,
• Change approvals behave identically to Ticket approvals
• a profile with no validation rights correctly hides approvals from both the tab and the timeline.

This validates that the READ right addition resolves the original issue where approvals were hidden in read-only contexts, while preserving proper access control for unprivileged profiles.

[trasher]

Usually, we do not change existing "configuration" on update. There is no reliable way to know if it's not been changed, or set on purpose.

[cedric-anne]

This change is too important for a bugfixes version. Maybe it could be valid for the main branch, but before doing rights management changes, you should validate that @orthagh is OK with this.