SECURITY: Default tags to show count of topics in unrestricted categories (#19916)

Currently, `Tag#topic_count` is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user has not excess to. We classify this as a minor leak in sensitive information.

The following changes are introduced in this commit:

1. Introduce `Tag#public_topic_count` which only count topics which have been tagged with a given tag in public categories.
2. Rename `Tag#topic_count` to `Tag#staff_topic_count` which counts the same way as `Tag#topic_count`. In other words, it counts all topics tagged with a given tag regardless of the category the topic is in. The rename is also done so that we indicate that this column contains sensitive information. 
3. Change all previous spots which relied on `Topic#topic_count` to rely on `Tag.topic_column_count(guardian)` which will return the right "topic count" column to use based on the current scope. 
4. Introduce `SiteSetting.include_secure_categories_in_tag_counts` site setting to allow site administrators to always display the tag topics count using `Tag#staff_topic_count` instead.

db/migrate/20230118020114_add_public_topic_count_to_tags.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+class AddPublicTopicCountToTags < ActiveRecord::Migration[7.0]
+  def up
+    add_column :tags, :public_topic_count, :integer, default: 0, null: false
+
+    execute <<~SQL
+    UPDATE tags t
+    SET public_topic_count = x.topic_count
+    FROM (
+      SELECT
+        COUNT(topics.id) AS topic_count,
+        tags.id AS tag_id
+      FROM tags
+      INNER JOIN topic_tags ON tags.id = topic_tags.tag_id
+      INNER JOIN topics ON topics.id = topic_tags.topic_id AND topics.deleted_at IS NULL AND topics.archetype != 'private_message'
+      INNER JOIN categories ON categories.id = topics.category_id AND NOT categories.read_restricted
+      GROUP BY tags.id
+    ) x
+    WHERE x.tag_id = t.id
+    AND x.topic_count <> t.public_topic_count;
+    SQL
+  end
+
+  def down
+    raise ActiveRecord::IrreversibleMigration
+  end
+end

db/migrate/20230119000943_add_staff_topic_count_to_tags.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+class AddStaffTopicCountToTags < ActiveRecord::Migration[7.0]
+  def up
+    add_column :tags, :staff_topic_count, :integer, default: 0, null: false
+
+    execute <<~SQL
+    UPDATE tags t
+    SET staff_topic_count = x.topic_count
+    FROM (
+      SELECT COUNT(topics.id) AS topic_count, tags.id AS tag_id
+      FROM tags
+      LEFT JOIN topic_tags ON tags.id = topic_tags.tag_id
+      LEFT JOIN topics ON topics.id = topic_tags.topic_id
+      AND topics.deleted_at IS NULL
+      AND topics.archetype != 'private_message'
+      GROUP BY tags.id
+    ) x
+    WHERE x.tag_id = t.id
+    AND x.topic_count <> t.staff_topic_count
+    SQL
+  end
+
+  def down
+    raise ActiveRecord::IrreversibleMigration
+  end
+end

db/post_migrate/20230119024157_remove_topic_count_from_tags.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require "migration/column_dropper"
+
+class RemoveTopicCountFromTags < ActiveRecord::Migration[7.0]
+  DROPPED_COLUMNS ||= { tags: %i[topic_count] }
+
+  def up
+    DROPPED_COLUMNS.each { |table, columns| Migration::ColumnDropper.execute_drop(table, columns) }
+  end
+
+  def down
+    raise ActiveRecord::IrreversibleMigration
+  end
+end