GSSA-2026-04-MHVR8C | 2026-04-25 | 5.3 Medium
Unauthenticated transcript redirect leaks ticket existence
The `/transcript/:ticketId` route had no authentication and queried the database to redirect to the admin transcript URL. The difference between a 404 and a 302 response leaks ticket-existence information to anonymous attackers.
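The following is an added example, not the project's own code: it models the described handler next to one assumed mitigation (authenticate before any database lookup) and adds a regression check that anonymous responses do not depend on whether the ticket exists. The names `findTicket`, `adminUrl`, `req.user`, the URL layout and the sample ticket id are assumptions made for illustration.

```javascript
// Constructed in-memory stand-in for the ticket table (sample data, not from the advisory).
const tickets = new Map([["1001", { id: "1001" }]]);
const findTicket = (id) => tickets.get(id) || null;

// Hypothetical admin URL layout; the advisory does not give the real one.
const adminUrl = (id) => `/admin/tickets/${id}/transcript`;

// Behaviour described in the advisory: no auth check, the DB lookup decides 302 vs 404.
function transcriptRedirectBefore(req) {
  const ticket = findTicket(req.params.ticketId);
  if (!ticket) return { status: 404, headers: {} };
  return { status: 302, headers: { Location: adminUrl(ticket.id) } };
}

// Assumed mitigation: reject anonymous callers before touching the database,
// so the anonymous response never depends on whether the ticket exists.
function transcriptRedirectAfter(req) {
  if (!req.user) return { status: 401, headers: {} };
  const ticket = findTicket(req.params.ticketId);
  if (!ticket) return { status: 404, headers: {} };
  return { status: 302, headers: { Location: adminUrl(ticket.id) } };
}

// Regression check: an anonymous request for an existing id and for a
// missing id must produce identical status and headers.
function leaksExistence(handler, existingId, missingId) {
  const anon = (id) => handler({ user: null, params: { ticketId: id } });
  return JSON.stringify(anon(existingId)) !== JSON.stringify(anon(missingId));
}
```

Running `leaksExistence` against each anonymous-reachable route in a test suite catches a reintroduced status-code oracle before release.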