Load forwarded ticket/transaction as the original creator

To prevent potential information leaks in some edge cases, the generated
content of the forwarded ticket/transaction is now tied to the user
performing the forward action, instead of the scrip action current user,
which is the system user.

Author: sunnavy

lib/RT/Action/SendForward.pm

@@ -66,7 +66,7 @@ sub Prepare {
     my $txn = $self->TransactionObj;
 
     if ( $txn->Type eq 'Forward Transaction' ) {
-        my $forwarded_txn = RT::Transaction->new( $self->CurrentUser );
+        my $forwarded_txn = RT::Transaction->new( $txn->CreatorObj );
         $forwarded_txn->Load( $txn->Field );
         $self->{ForwardedTransactionObj} = $forwarded_txn;
     }
@@ -90,7 +90,9 @@ sub Prepare {
         $entity = $self->ForwardedTransactionObj->ContentAsMIME( ExpandAttachHeaders => 1 );
     }
     else {
-        my $txns = $self->TicketObj->Transactions;
+        my $ticket = RT::Ticket->new( $txn->CreatorObj );
+        $ticket->Load( $self->TicketObj->Id );
+        my $txns = $ticket->Transactions;
         $txns->Limit(
             FIELD    => 'Type',
             OPERATOR => 'IN',