update_issues hook does not update issues marked as sensitive

[fhd]

How to reproduce

1. Create an issue and mark it as confidential/sensitive.
2. Make a commit to any repository that has the update_issues hook configured referring to the issue just created.

Observed behaviour

No comment gets added to the issue.

Expected behaviour

The hook should add a comment to the issue, referencing the commit.

Notes

The issue where we first noticed this is #3719.

[sebastian]

I would suppose that this is rather an issue with the permissions, rather than a bug in the code. Does the abpbot user have permissions to access confidential issues?

[fhd]

How I understood it, it has universal access... But let me try and grant that permission explicitly.

[fhd]

Done. But TBH I would be mildly surprised if this changes much. How I understand it, the XML_RPC permission is sufficient for unrestricted database access. Well, we'll see.

[sebastian]

The XML_RPC permission is used to grant users access to using the RPC interface

So how I understand it, that permission doesn't do anything, except granting access to /rpc endpoint.

[fhd]

How I understood it, that permission provides unrestricted database access through the API. But apparently sensitive issues at least are a different matter because giving the abpbot user the SENSITIVE_VIEW permission actually does fix this, just verified with #3806 and some commits pushed to the adblockplussafariios repository which I'm going to strip now. Without the permission, updating the issue fails, with the permission, it works just fine.