Remove hidden secrets from non-owned requests on restart

The API now returns secret fields with 'hidden' placeholder values for requests not owned by the caller, instead of omitting them entirely. This caused the restart command to resubmit those masked values.

This MR strips secrets, security_group_rules_ingress, and tmt.environment from each environment before resubmitting when the user is not the request owner (403 path).