fix: restricted sibling tags appearing for unauthorized members on the sidebar #3419

Merged
merged 3 commits into from
Jul 4, 2022

Conversation

SychO9
Member

@SychO9 SychO9 commented May 10, 2022

Changes proposed in this pull request:
Loading the parent.children tag relation grabs the models without checking for permissions.
This PR makes sure that the relation is passed through a permission check first (repository class code) and then, if a parent.children.parent relation is also included, it manually attaches that relation instead of trying to eager load it.

  • add parent.children to relation permission check array.
  • check if a parent.children.parent relation is passed in the controller.
  • manually attach the parent to children.
  • remove eager loading of parent.children.parent.
  • integration tests.

Necessity

  • Has the problem that is being solved here been clearly explained?
  • If applicable, have various options for solving this problem been considered?
  • For core PRs, does this need to be in core, or could it be in an extension?
  • Are we willing to maintain this for years / potentially forever?

Confirmed

  • Frontend changes: tested on a local Flarum installation.
  • Backend changes: tests are green (run composer test).
  • Core developer confirmed locally this works as intended.
  • Tests have been added, or are not appropriate here.

@SychO9 SychO9 self-assigned this Jun 18, 2022
@davwheat davwheat added this to the 1.4 milestone Jul 4, 2022
@davwheat davwheat merged commit bf4c543 into main Jul 4, 2022
@davwheat davwheat deleted the sm/hide-restricted-sibling-tags branch July 4, 2022 11:19
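
The leak and the fix this pull request describes, as an added illustration in plain PHP 8 that is not code from the pull request or from Flarum. The `Tag` class, `visibleTo()`, the two loader functions and the sample tags are hypothetical stand-ins for the tag model, the repository's permission check, the relation loading and real data.

```php
<?php
// Added illustration; every name here is hypothetical, no Flarum or Eloquent classes are used.

final class Tag
{
    public ?Tag $parent = null;   // only ever set by hand in loadChildrenChecked()
    /** @var Tag[] */
    public array $children = [];
    public function __construct(
        public int $id,
        public string $name,
        public ?int $parentId = null,
        public bool $restricted = false,
    ) {}
}

/** Constructed sample data: one parent with a public child and a restricted child. */
function sampleTags(): array
{
    return [new Tag(1, 'General'), new Tag(2, 'Announcements', 1), new Tag(3, 'Staff only', 1, true)];
}

/** Stand-in for the permission check: restricted tags need an actor allowed to see them. */
function visibleTo(array $tags, bool $canSeeRestricted): array
{
    return array_values(array_filter($tags, fn (Tag $t) => !$t->restricted || $canSeeRestricted));
}

/** Before: the children relation is resolved from storage with no actor involved. */
function loadChildrenUnchecked(Tag $parent, array $all): void
{
    $parent->children = array_values(array_filter($all, fn (Tag $t) => $t->parentId === $parent->id));
}

/** After: the relation goes through the permission check, then the parent is attached by hand. */
function loadChildrenChecked(Tag $parent, array $all, bool $canSeeRestricted): void
{
    $siblings = array_filter($all, fn (Tag $t) => $t->parentId === $parent->id);
    $parent->children = visibleTo($siblings, $canSeeRestricted);
    foreach ($parent->children as $child) { $child->parent = $parent; } // instead of loading children.parent
}

$names = fn (Tag $t) => implode(', ', array_map(fn (Tag $c) => $c->name, $t->children));

$tags = sampleTags();
loadChildrenUnchecked($tags[0], $tags);
echo 'unchecked, unauthorized actor: ', $names($tags[0]), PHP_EOL;

$tags = sampleTags();
loadChildrenChecked($tags[0], $tags, false);
echo 'checked, unauthorized actor:   ', $names($tags[0]), PHP_EOL;
```

The unchecked loader hands the restricted sibling to any caller that includes the relation, which is why an integration test for this class of bug should assert on the serialized relation as an unauthorized actor rather than only on the top-level resource.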