This commit resolves refactors can_invite_to? to use can_invite_to_forum? for checking the site-wide permissions and then perform topic specific checkups.
can_invite_to_forum? was never used with a parameter, so it was removed.
Similarly, can_invite_to? is always used with a topic object and this is now enforced.
There was another problem before when
must_approve_users site setting
was not checked when inviting users to forum, but was checked when
inviting to a topic.
Another minor security issue was that group owners could invite to group topics even if they did not have the minimum trust level to do it.