Fix CVE-2022-24125: Make sure RequestSendMessageToPlayers can only be used to send a PushRequestAllowBreakInTarget to a single player, which is what the game uses this request for.
Fix CVE-2022-24126: Validate insecure data that is transferred between clients (session join data in matchmaking requests, ghosts, bloodstains, messages, etc.). While session join data should now be fully safe, there may be other vulnerabilities present in ghosts, bloodstains and messages. Hence these should be disabled by default as they are not required for online play.