models: refactor search visibility methods.

Refactor how model visibility works in index actions:

* Call `visible` in the controller instead of in model `search`
  methods. This decouples model visibility from model searching.

* Explicitly pass CurrentUser when calling `visible`. This reduces
  hidden dependencies on the current user inside models.

* Standardize on calling the method `visible`. In some places it was
  called `permitted` instead.

* Add a `visible` base method to ApplicationModel.

app/models/post_vote.rb

@@ -26,14 +26,12 @@ class PostVote < ApplicationRecord
     positive.where(user_id: user_id).pluck(:post_id)
   end
 
-  def self.visible(user = CurrentUser.user)
-    return all if user.is_admin?
-    where(user: user)
+  def self.visible(user)
+    user.is_admin? ? all : where(user: user)
   end
 
   def self.search(params)
     q = super
-    q = q.visible
     q = q.search_attributes(params, :post, :user, :score)
     q.apply_default_order(params)
   end