As previously implemented, only "Department and group members" could be set

Departments without email will use the system default email as the default
outgoing email.

The setting is useful in making sure the staff members with access to the
department can get alerts and available as possible assignees.

Add department setting to limit ticket assignment within department to
department members only. This is necessary for departments with strict
policy on who can access tickets.

The setting doesn't limit team assignment or auto-assignment via help topics
and ticket filters.

This is necessary to allow for creative department based access control and
alerts.

Process inline attachments in thread entry and support inline images in
piped emails

Support inline images across the system, with draft support

Migrate to a single attachment table
    That way we don't need a new table for everything we need to attach an
    inline image to (like a signature, for instance)

Add richtext support for internal notes

Implement images on site pages

* Image paste in Redactor
* Make non-local images optional
* Placeholder for non-local images
* Fix local image download hover
* Don't re-attach inline images

Fixes #575

- Move access to it's own table.
- Refactor what department membership means in relation to group access

Protect againts cross-site request forgery attacks by requiring a special
form-field or header to be sent with requests that modify ticket system
data.

This meant a slight change to the AJAX ticket locking mechanism. It was
defined to lock with a GET request; however, GET requests are defined as
safe methods and should not modify backend data (such as a lock
acquisition). Therefore, the the lock acquire AJAX method was changed to
require a POST method.

Also remove old, no-longer-used staff panel include files

And correct several undefined function errors from several source files. So
while function names in PHP are considered case-insensitive, it still makes
sense to use consistent camel casing for both defining and calling methods.
The lint test searches the code base for method calls, and then searches the
code base again looking for a function definition matching the name of the
function invoked. It's not failsafe, because it doesn't detect the class
from which the method should belong, so it's likely to have false negatives.
Furthermore, it won't work well for PHP 5 where several classes are built
into PHP (and aren't searchable in the osTicket code base).

Remove the include/staff/api.inc.php as it no longer appears to be used (and
contains references to undefined methods).