saved searches: fix exploit allowing flaggers to be determined.

Fix an exploit that let you determine the flagger of a post using
`flagger:<username>` saved searches. Saved searches were performed as
DanbooruBot, but since DanbooruBot is a moderator, it let unprivileged
users do `flagger:<username>` searches. Saved searches were done as a
moderator to avoid tag limits, but this is no longer necessary since the
last PostQueryBuilder refactor.

fred get out

test/unit/saved_search_test.rb

@@ -144,6 +144,13 @@ class SavedSearchTest < ActiveSupport::TestCase
       SavedSearch.populate("does_not_exist")
       assert_equal([], SavedSearch.post_ids_for(@user.id))
     end
+
+    should "not allow users to perform privileged searches" do
+      @flag = create(:post_flag)
+      @saved_search = create(:saved_search, query: "flagger:#{@flag.creator.name}", user: @user)
+      SavedSearch.populate("flagger:#{@flag.creator.name}")
+      assert_equal([], SavedSearch.post_ids_for(@user.id))
+    end
   end
 
   context "Creating a saved search" do