Bug 33702: Patrons should only see their own ILLs in the OPAC
To reproduce:
- Enable the ILL module
- Install the FreeForm backend as described here: https://wiki.koha-community.org/wiki/ILL_backends
- Go to the ILL module and add two different ILL requests by clicking on "New ILL request" and entering the necessary details.
- Make sure you connect the two requests to two *different* patrons in the field marked "Card number, username or surname"
- Make the two titles different, and make a note of which title is connected to which patron
- Log in as one of the two patrons who now have an ILL request each, in the OPAC
- Go to the "Interlibrary loan requests" tab
- Click on "View" for the request connected to this patron. The URL will look something like this: http://<opac>/cgi-bin/koha/opac-illrequests.pl?method=view&illrequest_id=2
- Now change the number at the end to correspond to the ILL request connected to the *other* patron
- Verify you can see the details of an ILL request connected to another patron than the patron you are logged in as

To test:
- Apply the patch
- Restart all the things if you are testing with ktd
- Reload the detail view of the ILL request that belongs to the patron you are not logged in as
- Verify you are redirected to the 404 page and can not see the details of the request that belongs to the patron you are not logged in as

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
parent 493819b92b
commit 1ad43fd47f
1 changed files with 5 additions and 0 deletions
|
@ -75,6 +75,11 @@ if ( $op eq 'list' ) {
|
|||
borrowernumber => $loggedinuser,
|
||||
illrequest_id => $params->{illrequest_id}
|
||||
});
|
||||
# Make sure the request belongs to the logged in user
|
||||
unless ( $request->borrowernumber == $loggedinuser ) {
|
||||
print $query->redirect("/cgi-bin/koha/errors/404.pl");
|
||||
exit;
|
||||
}
|
||||
$template->param(
|
||||
request => $request
|
||||
);
|
||||
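Review bot: the new `unless` check calls `$request->borrowernumber` without first confirming that the lookup just above returned an object, so an `illrequest_id` that matches no request would die on an undefined value instead of reaching the 404 redirect. Consider `unless ( $request && $request->borrowernumber == $loggedinuser )` so that the missing-request case and the wrong-owner case both end at the same 404 and the response does not reveal which ids exist. The lookup already passes `borrowernumber => $loggedinuser`, yet the reproduction steps show that this did not restrict the result, so the comment above the check should say why the explicit comparison is needed. The test plan is manual; a regression test covering the other-patron id would keep this from reopening.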