SECURITY: Act like users don't exist if hidden from viewer
When viewing Special:Contributions for a hidden user and
a missing user, or the user page of a hidden user and a
missing user, if the viewer cannot see hidden users
the output should be the same for hidden users and
missing users.
To that end
- In OutputPage.php, only set the wgRelevantUserName javascript variable if the user is not hidden, or the viewer can see hidden users
- In Article.php, show the userpage-userdoesnotexist-view on user pages of hidden users if the viewer cannot see hidden users
- In Skin.php, do not add user-specific sidebar links (contributions, logs, mute, etc.) if the user is hidden and the viewer cannot see hidden users
- In SpecialContributions.php, stop calling Skin::setRelevantUser for non-existing users, so that callers of Skin::getRelevantUser can ignore users that are hidden from the viewer without creating divergent behavior
- In SpecialContributions.php, for users that do exist but are hidden from the viewer, don't show sp-contributions-footer, but do show contributions-userdoesnotexist
Bug: T120883
Change-Id: I83b723402f315447bc4b50992e28620e3daace8f