XWiki Platform - XWIKI-21138

Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service


    Description

      Steps to reproduce:

      1. Create a document "Secret" with content "Secret content" and restrict view right on it by, e.g., just granting view right for the admin group.
      2. As guest user, open <xwiki-server>/xwiki/bin/get/XWiki/SuggestSolrService?outputSyntax=plain&media=json&nb=1000&query=q%3D*%3A*%0Aq.op%3DAND%0Afq%3Dtype%3ADOCUMENT%0Afl%3Dtitle_%2C+reference%2C+links%2C+doccontentraw_%2C+objcontent__&input=+ where <xwiki-server> is the URL of your XWiki installation.

      Expected result:

      The document "Secret" is not listed.

      Actual result:

      All documents of the wiki and all subwikis are listed with full title, raw content and object contents including the "Secret" document. Note: you might need to adjust the "nb=1000" parameter to return more results in case the wanted results are not included.

      The actual bug is in SolrQueryExecutor#filterResponse, which skips the right check when the document reference cannot be resolved. For the document reference to be resolved, each result needs to have the "wiki", "spaces" and "name" fields. If those fields are excluded via the "fl" query parameter, the reference cannot be resolved and no right check is performed at all, so the result is returned as-is.
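      The following is an added illustration, not XWiki's own code: it models the fail-open check described above (an unresolvable reference skips the right check) next to a fail-closed version that drops any hit it cannot attribute to a document, using constructed Solr hits and a constructed rights table (the field names "wiki", "spaces", "name" and "doccontentraw_" follow the report; everything else is assumed).

```python
# Constructed model of the XWIKI-21138 filtering flaw; not XWiki's own code.
# A hit can only be checked if its document reference resolves, which needs
# the "wiki", "spaces" and "name" fields (all assumed to be plain strings here).
REQUIRED = ("wiki", "spaces", "name")

# Constructed stand-in for the rights service: reference -> users with view right.
VIEW_RIGHTS = {
    "xwiki:Main.WebHome": {"guest", "admin"},
    "xwiki:Main.Secret": {"admin"},
}

def resolve_reference(doc):
    """Return 'wiki:Space.Name', or None when an identifying field is missing."""
    if any(doc.get(f) in (None, "") for f in REQUIRED):
        return None
    return f"{doc['wiki']}:{doc['spaces']}.{doc['name']}"

def has_view_right(user, reference):
    return user in VIEW_RIGHTS.get(reference, set())

def filter_fail_open(docs, user):
    """Vulnerable pattern: an unresolvable reference skips the check entirely."""
    kept = []
    for doc in docs:
        ref = resolve_reference(doc)
        if ref is None or has_view_right(user, ref):
            kept.append(doc)
    return kept

def filter_fail_closed(docs, user):
    """Hardened pattern: no resolvable reference means no proven right, so drop it."""
    kept = []
    for doc in docs:
        ref = resolve_reference(doc)
        if ref is not None and has_view_right(user, ref):
            kept.append(doc)
    return kept

# Constructed sample hits, once with the identifying fields and once without
# them, as happens when a caller's "fl" parameter leaves them out.
FULL = [
    {"wiki": "xwiki", "spaces": "Main", "name": "WebHome", "doccontentraw_": "Welcome"},
    {"wiki": "xwiki", "spaces": "Main", "name": "Secret", "doccontentraw_": "Secret content"},
]
STRIPPED = [{k: v for k, v in d.items() if k not in REQUIRED} for d in FULL]

def returned_content(filter_fn, docs, user="guest"):
    """Raw content a given user gets back from a given filter implementation."""
    return [d["doccontentraw_"] for d in filter_fn(docs, user)]
```

      With the full hits both filters hide "Secret content" from guest; with the stripped hits only the fail-closed filter does, which is exactly the difference the report describes. A complementary server-side measure is to always add the identifying fields to the field list before the query is sent, so that every hit can be checked.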

      This logic has been unchanged since the introduction of Solr search in XWIKI-5676 in XWiki 4.3-milestone-2. I'm not sure, though, that this is exploitable until the introduction of JSON support in XWIKI-11326 in XWiki 6.3-milestone-2, as only the JSON response contains the full Solr result (including potentially the whole content and objects), and I also get errors from the XML generation.

      In CVSS, this is CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N so 7.5 (high). I'm still marking this as a blocker as this is a very important data leak for XWiki and would have been a blocker according to the now deprecated severity matrix.

      People: Michael Hamann