Privacy filtering middleware for requests #387
Description
Consider the amount of information sent in a WP API request: https://duanestorey.com/posts/down-the-rabbit-hole-a-deep-look-at-the-wordpress-api. There is no reason for .org to be given an inventory of all of a site's private and internal plugins, so before sending any such requests upstream, they should be scrubbed of any plugins or themes that do not have a corresponding slug in Plugins, ClosedPlugins, or Themes.
In fact we don't really have an interest in this information either, so possibly this should be implemented early on in a Middleware. For the implementation, while it's a fast index scan to look up a slug, it is potentially a lot of them even when batched into one query, so we might want to consider a radix tree or bloom filter kept in cache (Redis and Postgres also have bloom filter support through extensions).