Check security token in process_subscribe

[vincentfretin]

This is one of the point listed in #76 and discussed in #81 (comment)

We need to check if the user is allowed to subscribe to a publisher UserId in process_subscribe similar to what we do in process_join by checking publisher.joined.room_id (later room_ids plural, see #55) is in the JWT room_ids.
Even if the user have no publisher and have not joined any room, the user could subscribe to a publisher who has joined some room, as long as the user have a JWT with that room in the publisher room_ids.

We need to change the signature
Subscribe { what: Subscription }
to
Subscribe { what: Subscription, token: String }

The publisher UserID we want to subscribe to is in the param what { media: UserID }

[vincentfretin]

I should be able to work on that Q1 2022, hopefully.

[vincentfretin]

This is implemented in this PR in the community fork networked-aframe#6