TinyIce: Missing authentication on WebRTC ingest endpoint allows unauthorized stream injection

TinyIce's WebRTC source-ingest HTTP endpoint, POST /webrtc/source-offer?mount=, accepted any inbound WebRTC SDP offer with no authentication check. The handler routed the offer to WebRTCManager.HandleSourceOffer, which then accepted whatever audio/video tracks the peer published and broadcast the...