php · wwbn/avideo · Critical
wwbn/avideo: Stored XSS via WebSocket message json key bypass
What changed
Stored XSS vulnerability in AVideo's WebSocket messaging system: MessageSQLite.php sanitizes $json['msg'], but msgToResourceId() reads the message from $msg['json'] with higher priority, so a payload placed under the json key bypasses the sanitization applied to msg.
Who it affects
All AVideo instances using the default SQLite WebSocket backend (plugin/YPTSocket/MessageSQLite.php). Any authenticated attacker can execute arbitrary JavaScript in any connected user's browser session.
What to do today
Replace the shallow unset in MessageSQLite.php with a call to removeAutoEvalCodeOnHTMLRecursive($json), consistent with Message.php and MessageSQLiteV2.php.
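The fix above is a general lesson for any handler that decodes a JSON message and then passes nested fields on to other code: cleaning one known key leaves every other string leaf untouched, and a consumer that prefers a different key will happily render it. The following is an added example, not AVideo's code. sanitizeHtmlRecursive() is a hypothetical stand-in for the project's removeAutoEvalCodeOnHTMLRecursive(), and the filtering rules inside sanitizeHtmlString() are an assumption chosen for illustration; the sample message is constructed. It contrasts the per-key approach with a walk over the whole decoded structure.

```php
<?php
// Added example (not AVideo's code): why sanitizing a single key of a
// decoded WebSocket message is not enough, and what a recursive sanitizer
// looks like. sanitizeHtmlRecursive() is a hypothetical stand-in for
// removeAutoEvalCodeOnHTMLRecursive(); its exact rules are an assumption.

declare(strict_types=1);

/**
 * Strip script blocks, inline event handlers and javascript: URLs from one
 * string. Illustrative rules only (assumption); production code should use an
 * allow-list HTML purifier rather than blacklist regexes.
 */
function sanitizeHtmlString(string $s): string
{
    // Remove <script>...</script> blocks, then any dangling <script ...> tag.
    $s = preg_replace('#<script\b[^>]*>.*?</script\s*>#is', '', $s) ?? '';
    $s = preg_replace('#<script\b[^>]*>#i', '', $s) ?? '';
    // Remove on*=... event-handler attributes (quoted or bare values).
    $s = preg_replace('#\s+on\w+\s*=\s*("[^"]*"|\'[^\']*\'|[^\s>]+)#i', '', $s) ?? '';
    // Neutralise javascript: URLs inside attribute values.
    $s = preg_replace('#([a-z-]+\s*=\s*["\']?)\s*javascript:#i', '$1', $s) ?? '';
    return $s;
}

/**
 * Walk an arbitrarily nested decoded-JSON value and sanitize every string
 * leaf, regardless of which key it sits under. Non-string scalars pass through.
 */
function sanitizeHtmlRecursive(mixed $value): mixed
{
    if (is_string($value)) {
        return sanitizeHtmlString($value);
    }
    if (is_array($value)) {
        foreach ($value as $k => $v) {
            $value[$k] = sanitizeHtmlRecursive($v);
        }
        return $value;
    }
    if (is_object($value)) {
        foreach (get_object_vars($value) as $k => $v) {
            $value->$k = sanitizeHtmlRecursive($v);
        }
        return $value;
    }
    return $value; // int, float, bool, null
}

/**
 * The weak pattern: only the top-level 'msg' key is cleaned, so the same
 * markup nested under any other key (here 'json') survives untouched.
 */
function sanitizeShallow(array $json): array
{
    if (isset($json['msg']) && is_string($json['msg'])) {
        $json['msg'] = sanitizeHtmlString($json['msg']);
    }
    return $json;
}

// Constructed sample: identical markup at the top level and nested one level down.
$markup  = 'hi <b onmouseover="f()">there</b><script>f()</script>';
$decoded = json_decode(json_encode([
    'msg'  => $markup,
    'json' => ['msg' => $markup],
]), true);

$shallow   = sanitizeShallow($decoded);
$recursive = sanitizeHtmlRecursive($decoded);

echo "shallow   msg:      ", $shallow['msg'], PHP_EOL;
echo "shallow   json.msg: ", $shallow['json']['msg'], PHP_EOL;   // markup still present
echo "recursive msg:      ", $recursive['msg'], PHP_EOL;
echo "recursive json.msg: ", $recursive['json']['msg'], PHP_EOL; // markup removed
```

Because sanitizeHtmlRecursive() is applied to the entire decoded structure before any consumer reads it, it does not matter which key a downstream function such as msgToResourceId() prefers: every string the browser could end up rendering has passed through the same filter. That is the property the shallow unset lacks.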