Perform visibility checks on notification subjects at the query level

This will prevent a notification from being seen by a user if its
subject is deleted or undergoes some kind of permission change (eg.
a discussion is moved into a private tag)

ref #1380

src/User/User.php

@@ -437,6 +437,7 @@ class User extends AbstractModel
                 ->whereIn('type', $this->getAlertableNotificationTypes())
                 ->whereNull('read_at')
                 ->where('is_deleted', false)
+                ->whereSubjectVisibleTo($this)
                 ->get();
         }