"Prevent message forging via carbons" blocking legitimate carbons

[laszlovl]

"user@converse.js" is logged in on Converse as well as another client, and receives a message from "user@external.xmpp".

<body xmlns="http://jabber.org/protocol/httpbind">
    <message to="user@converse.js/converse.js-110793621"
             from="user@converse.js" type="chat" xmlns="jabber:client">
        <received xmlns="urn:xmpp:carbons:2">
            <forwarded xmlns="urn:xmpp:forward:0">
                <message xml:lang="en" to="user@converse.js/gajim.JWFYXLW2"
                         from="user@external.xmpp/gajim.O90OPUN4" type="chat" id="135b54c3-7d95-4260-bbcd-62e22069a8a5"
                         xmlns="jabber:client">
                    <bla>...</bla>
                </message>
            </forwarded>
        </received>
    </message>
</body>

This carbon is incorrectly blocked by the following code: https://github.com/conversejs/converse.js/blob/master/src/headless/converse-chatboxes.js#L946 since "user@converse.js" !== "user@external.xmpp".

Looking at https://xmpp.org/extensions/xep-0280.html#security, I presume they mean that the outer message's from should be equal to the logged-in account's jid.

Apart from fixing the check, I propose logging a warning message when the condition is triggered.