Remove setlocal and setupvalue from debug table whitelist

It's likely that these could be used trick mods into revealing the insecure
environment even if they do everything right (which is already hard enough).

Author: sfan5

src/script/cpp_api/s_security.cpp

@@ -129,12 +129,10 @@ void ScriptApiSecurity::initializeSecurity()
 		"traceback",
 		"getinfo",
 		"getmetatable",
-		"setupvalue",
 		"setmetatable",
 		"upvalueid",
 		"sethook",
 		"debug",
-		"setlocal",
 	};
 	static const char *package_whitelist[] = {
 		"config",