What you are looking for is the user session object from the system module. Anonymous users(and logged in users) are given a session when they connect to your app and this session object is available to you in microflows via $currentSession. You can create an association from the ticket object to the session object and be able to check that association if the user tries to create another ticket.
This isn’t a perfect solution as a user could open another browser and be able to open another ticket as a separate anonymous user(because of the separate cookies) but this will get you started in limiting the number of tickets that one anonymous user session can create.
Hope this helps