tweak(gamestate/server): allow blocking of ScriptEntityStateChangeEvent

[tens0rfl0w]

Goal of this PR

• This game event is sent when a client tries to change state values on a remotely owned entity.
• Allow to block this game event from being routed to target clients to prevent potential abusive uses.

How is this PR achieving the goal

Introducing a new ConVar called 'sv_enableNetworkedScriptEntityStates' that allows blocking of the 'SCRIPT_ENTITY_STATE_CHANGE_EVENT' game event (routing is enabled by default).

This PR applies to the following area(s)

FiveM, RedM, Server

Successfully tested on

Game builds: 2699

Platforms: Windows

Checklist

• [x] Code compiles and has been tested successfully.
• [x] Code explains itself well and/or is documented.
• [x] My commit message explains what the changes do and what they are for.
• [x] No extra compilation warnings are added by these changes.

Fixes issues

fixes #2553

[gottfriedleibniz]

Under no circumstances should we be blocking events outright when there is the potential for legitimate use cases. That would also be a compatbility break.

[tens0rfl0w]

Right, I didn't think about potential valid use cases or breaking backwards compatibility.

I am aware that providing an event handler for the parsed event data is no longer really appreciated, but I didn't feel confident providing a single ConVar for blocking this event, as this is used on a lot of network stuff and several state types are abusable (but not all).

[tens0rfl0w]

In case anyone wants to review this, I created a resource to trigger every state change type: test.zip

Command is state [0-9].

(This ofc needs two online players to work + script assumes population is deactivated.)

[Pedro-Lucas14]

@gottfriedleibniz Hello, is there a date for this fix to go into production, a lot of hacks are using this flaw?

[tens0rfl0w]

As discussed, this now allows to block routing of the game event with a ConVar.

Tested with the script resource provided above.