Allow logged-out users to load global preferences on installs without public viewers

Summary:
Fixes T11946. When a logged-out viewer is loading a page on a non-public install, there are two policy issues which prevent them from loading global settings:

  - They can not see the Settings application itself.
  - They can not see the global settings object.

Allow them to see Settings by making mandatory applications always visible. (This doesn't make any application pages public.)

Allow them to see the global settings object explicitly.

Test Plan:
Changed default language, viewed logged-out page:

{F2076924}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11946

Differential Revision: https://secure.phabricator.com/D16983

src/applications/base/PhabricatorApplication.php

@@ -436,12 +436,21 @@ abstract class PhabricatorApplication
     if ($result === null) {
       if (!self::isClassInstalled($class)) {
         $result = false;
+      } else {
+        $application = self::getByClass($class);
+        if (!$application->canUninstall()) {
+          // If the application can not be uninstalled, always allow viewers
+          // to see it. In particular, this allows logged-out viewers to see
+          // Settings and load global default settings even if the install
+          // does not allow public viewers.
+          $result = true;
         } else {
           $result = PhabricatorPolicyFilter::hasCapability(
             $viewer,
             self::getByClass($class),
             PhabricatorPolicyCapability::CAN_VIEW);
         }
+      }
 
       $cache->setKey($key, $result);
     }

src/applications/settings/storage/PhabricatorUserPreferences.php

@@ -219,6 +219,13 @@ final class PhabricatorUserPreferences
       }
     }
 
+    switch ($this->getBuiltinKey()) {
+      case self::BUILTIN_GLOBAL_DEFAULT:
+        // NOTE: Without this policy exception, the logged-out viewer can not
+        // see global preferences.
+        return true;
+    }
+
     return false;
   }