Fix two excessively aggressive policy checks

Summary:

  - Some applications need public access regardless of policy configuration.
  - The file data endpoint should ignore policies.

src/applications/base/controller/PhabricatorController.php

@@ -127,10 +127,16 @@ abstract class PhabricatorController extends AphrontController {
     // a policy exception if the viewer doesn't have permission.
     $application = $this->getCurrentApplication();
     if ($application) {
+/*
+
+  TODO: Reenable this, but it's breaking some applications which need public
+  access in all cases, like Files and Conduit.
+
       id(new PhabricatorApplicationQuery())
         ->setViewer($user)
         ->withPHIDs(array($application->getPHID()))
         ->executeOne();
+*/
     }
 
   }

src/applications/files/controller/PhabricatorFileDataController.php

@@ -25,8 +25,12 @@ final class PhabricatorFileDataController extends PhabricatorFileController {
         ->setURI($uri->setPath($request->getPath()));
     }
 
+    // NOTE: This endpoint will ideally be accessed via CDN or otherwise on
+    // a non-credentialed domain. Knowing the file's secret key gives you
+    // access, regardless of authentication on the request itself.
+
     $file = id(new PhabricatorFileQuery())
-      ->setViewer($request->getUser())
+      ->setViewer(PhabricatorUser::getOmnipotentUser())
       ->withPHIDs(array($this->phid))
       ->executeOne();
     if (!$file) {