Security fix for possible private paste bruteforcing

There was an ability to fetch private pastes by their numbers(paste_id)
which looks like security issue since could be used for bruteforcing.

Change-Id: I8e8bc9a05427a70b4203739e30a8fd8e532cfe96
Signed-off-by: Igor Shishkin <ishishkin@mirantis.com>

lodgeit/controllers/pastes.py

@@ -88,7 +88,8 @@ class PasteController(object):
         """Show an existing paste."""
         linenos = local.request.args.get('linenos') != 'no'
         paste = Paste.get(identifier)
-        if paste is None:
+
+        if (paste is None) or (paste.private and identifier.isdigit()):
             raise NotFound()
         if raw:
             return Response(paste.code, mimetype='text/plain; charset=utf-8')