After [#3892] is done, there should be a UI to add another user to have permission to read a private ticket. Someone with 'edit' permission on a ticket should be able to add the additional users.
I believe private tickets are implement with an artifact-level ACL, not merely a boolean flag, so the backend support should be correct. However, we should double check that the ACL is used in all relevant permission checks, so it works fully.
Notes on how 'private' currently works:
'Edit' is just recently a separate permissions, which helps some.