Edit or delete comment even if the user is not the creator

[marcus-gerhardy]

Q	A
Bug?	yes
New Feature?	no
Sulu Version	2.5.13
Sulu Comment Bundle Version	2.0.0
Browser Version	Google Chrome Version 123.0.6312.86 (Official Build) (64-bit)

Actual Behavior

It is possible to manipulate or delete existing comments / threads by simply sending post requests to the WebsiteController:
e.g. https://localhost:8000/threads/b69cc46e-9527-48b5-a98d-3a3634c41f05/comments/2

Neither the WebsiteController nor the CommentManager validates the current user with the creator of the comment.

Expected Behavior

Only the creator of the comment should be able to delete or edit the comment.

Steps to Reproduce

1. Create a comment on the website frontend
2. Send post or delete request with threadId and commentId (you can find them in the html code on the frontend)

[alexander-schranz]

Seems to be introduced in #31 /cc @wachterjohannes @martinlagler @chirimoya

Critical point I think is that comment bundle does not always mean there is a user / login. So this API maybe should not be available when not have a login.