Don't allow all users to see a user's unpublished review replies.

This fixes issue 2719.
Only put public reviews and non-public reviews created by the authenticated
user in the reviews_id_map, so that unpublished replies are not seen by other
users.

1. Created a review request as user A and published it.
2. As user B, made a comment on a portion of the diff and publish it.
3. As user C, replied to the comment made in step 2 but did NOT publish it.
4. Without the patch, all users could see the comment made in step 3.  With the patch, only user C could see that comment.