Security fixes

GHSA-862h-v6cc-9757

In Websocket requests, a client could supply its own X-Wargate-Username header which would be appended to the upstream request, allowing the client to impersonate another user if the upstream relies on this header for authentication.

GHSA-2q37-6vxr-26jr

Incorrect authorization handling allowed an authenticated user to eavesdrop on another user's SSH session if they are able to obtain the session UUID.

Full Changelog: v0.25.5...v0.25.6