Centralize a method for checking if a user can access an attachment's review UI.

Review Request #14123 — Created Aug. 26, 2024 and submitted — Latest diff uploaded

Information

Review Board
release-7.x

This change is motivated by a bug we have in Power Pack. When an unlicensed
user uploads a PDF (or any other file attachment that requires a Power
Pack license to review), the user can see the "Review" file action and
can click on the file attachment as if they have access to the review UI.
Navigating to the review UI leads to a 404, and reloading the review
request page properly shows the file attachment as un-reviewable.

This happens because the file attachment thumbnail view would assume that the
file attachment was reviewable if it had a review URL. However, even though
an attachment has a review URL, it doesn't mean the user can access that
review URL.

To address this, we add a new can_access_review_ui method on the
File Attachment model, which, given a user, will return whether the user can
access the review UI for the file attachment. We already had two functions in
the codebase that achieved this, one public and one internal. We remove the
internal one and deprecate the public one, instead pointing to the new method on
the File Attachment model. And we update the file attachment thumbnail
view to check for this boolean before displaying the attachment as reviewable.

  • Ran unit tests.
  • Tested uploading a PDF document as an unlicensed user, saw that I couldn't
    review it.
  • Tested uploading an image file attachment as an unlicensed user, saw that
    I could review it.
  • Did the same tests as a licensed user.
  • Made sure you can't navigate to a review UI that you can't access using
    the "previous" and "next" file attachment thumbnails.
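
An added sketch, not Review Board's or Power Pack's code, of the pattern described above: a thumbnail that infers reviewability from the review URL, next to one that asks the same model method the endpoint enforces, plus a check that the two layers agree for every user. Every name except can_access_review_ui is a hypothetical stand-in, and the license rule, mimetypes, URLs and users are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class User:
    name: str
    licensed: bool = False

@dataclass
class ReviewUI:
    requires_license: bool = False  # constructed stand-in for a licensed-only UI

    def is_enabled_for(self, user):
        return user.licensed or not self.requires_license

# Constructed registry: which review UI handles which mimetype.
REVIEW_UIS = {"image/png": ReviewUI(),
              "application/pdf": ReviewUI(requires_license=True)}

@dataclass
class FileAttachment:
    id: int
    mimetype: str

    def get_review_url(self):
        # A URL exists whenever some review UI handles the type, for any user.
        return f"/file/{self.id}/" if self.mimetype in REVIEW_UIS else None

    def can_access_review_ui(self, user):
        # Single source of truth for "may this user open the review UI?"
        ui = REVIEW_UIS.get(self.mimetype)
        return ui is not None and ui.is_enabled_for(user)

def review_ui_view(att, user):
    """Server-side endpoint: HTTP status the review UI page returns."""
    return 200 if att.can_access_review_ui(user) else 404

def thumbnail_before(att, user):
    # Behaviour described as the bug: a review URL implies reviewable.
    return att.get_review_url() is not None

def thumbnail_after(att, user):
    # Fixed: ask the model, the same check the endpoint enforces.
    return att.can_access_review_ui(user)

def find_mismatches(thumbnail, users, attachments):
    """Return (user, attachment id) pairs where UI and endpoint disagree."""
    return [(u.name, a.id) for u in users for a in attachments
            if thumbnail(a, u) != (review_ui_view(a, u) == 200)]

USERS = [User("licensed", True), User("unlicensed")]
ATTACHMENTS = [FileAttachment(1, "image/png"), FileAttachment(2, "application/pdf"),
               FileAttachment(3, "application/zip")]
```

Running find_mismatches over a user/attachment matrix like this in a unit test catches any later view that goes back to using the URL as a proxy for access.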
