The search_filters and filter_preview function-based views in src/argus/htmx/plannedmaintenance/views.py are accessible to any authenticated user via the LoginRequiredMiddleware, but lack explicit staff access control.
All other planned maintenance views correctly use UserIsStaffMixin. These two endpoints should also be restricted to staff users (e.g. via @staff_member_required) for consistency.
Additionally, search_filters exposes filters from all users, and filter_preview accepts arbitrary filter PKs with no ownership check.
Found during review of #1770.
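A framework-free sketch of the two checks this issue asks for, added here as an illustration and not taken from the Argus code base: a staff gate on both views, plus owner scoping in the lookup. The User and Filter classes, the owner_pk field, the (status, body) return shape and the choice to answer 404 for another user's filter are all assumptions made for the example.

```python
from dataclasses import dataclass
from functools import wraps

@dataclass(frozen=True)
class User:            # stand-in for the Django user (assumption)
    pk: int
    is_staff: bool = False

@dataclass(frozen=True)
class Filter:          # stand-in for the filter model; owner_pk is assumed
    pk: int
    owner_pk: int
    name: str

# Constructed sample data: two filters owned by user 10, one by user 20.
FILTERS = {f.pk: f for f in (
    Filter(1, 10, "core-routers"),
    Filter(2, 10, "edge-switches"),
    Filter(3, 20, "core-firewalls"),
)}

def staff_required(view):
    """Reject non-staff callers with 403 before the view body runs."""
    @wraps(view)
    def wrapper(user, *args, **kwargs):
        if not user.is_staff:
            return 403, None
        return view(user, *args, **kwargs)
    return wrapper

@staff_required
def search_filters(user, query=""):
    """Return only the caller's own filters whose name matches the query."""
    hits = [f.name for f in FILTERS.values()
            if f.owner_pk == user.pk and query.lower() in f.name.lower()]
    return 200, sorted(hits)

@staff_required
def filter_preview(user, filter_pk):
    """Resolve PK and owner together so a foreign PK looks like a missing one."""
    f = FILTERS.get(filter_pk)
    if f is None or f.owner_pk != user.pk:
        return 404, None
    return 200, f.name
```

In a Django view the same owner scoping would normally be part of the queryset used for the lookup, so that an unowned PK never resolves to an object in the first place.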