[FEATURE] Prevent slowhacking

[Rainyan]

Description

A malicious map can execute evil commands for clients. This is sometimes called "slowhacking". We should add a cvar to disable these dangerous commands.

Steps to reproduce:

• Download the map: clientcmd.zip
  • Move the BSP to the maps folder
  • The VMF file is also provided if you want to open it in Hammer for inspection
• Launch the game
• Type bind x to check what your current X key bind is
• Set neo_bot_quota 0 to make the bots go away
• Load the in map clientcmd.bsp: map clientcmd
• Choose a player team Jinrai or NSF
• Spawn in the map
• Move forwards from the spawn point and you will hit a trigger brush
• Check bind x again to see what the bind is after hitting the brush

What happens:

• The X key has been re-bound to value evil by the map

entity
{
	"id" "50"
	"classname" "trigger_multiple"
	"StartDisabled" "0"
	"wait" "1"
	"spawnflags" "1"
	"origin" "8 -136 52"
	connections
	{
		"OnStartTouch" "clientcmd_foo,Command,bind x evil,0,-1"
	}

What should happen:

• The client should be protected from the malicious key re-bind

This is a contrived example of the kinds of evil manipulations a map could do on the clients, but should work as a test case.

For more information, including a list of commands we should protect at a minimum: https://developer.valvesoftware.com/wiki/Admin_Slowhacking

Proposed Solution

As a player, I want to be able to load in a custom map without worrying about the map executing malicious commands on my local client.

Alternatives Considered

We could add a cvar option for only allowing these types of commands for the official NT;RE maps (tutorial, etc).

Additional Context

• https://developer.valvesoftware.com/wiki/Admin_Slowhacking
• point_broadcastclientcommand #1338
  • Not directly related to the problem, but is a derivative command to be taken into consideration
• https://github.com/Rainyan/sourcemod-nt-cfghelper
  • This is how we historically dealt with the problem at a plugin-level, for context. But we should protect against this attack natively, rather than trying to recover from it after the damage is done.

[DESTROYGIRL]

The functionality to make this work I believe is already implemented, potentially behind TF DLL only ifdefs.
I agree that this should be fixed but we should probably review the commands with FCVAR_SERVER_CAN_EXECUTE, to ensure that we are not breaking functionality for legacy OGNT maps, the tutorial (like mentioned) and potentially some code somewhere if we are calling engine->ClientCommand
Though, the commands used in these scenarios are probably harmless so we could just give those commands flag rather than making an exception where all commands are allowed