Further limit HTTP fetching security from Openfire

Description

https://github.com/igniterealtime/Openfire/pull/1497#issuecomment-538382149

Having pondered, I worry that even if we're not displaying it, the admin console will happily fetch any file off any HTTP server it has access to. If it were me, I'd probably lean towards changing the way this works such that the servlet
(a) Only fetches favicon's from S2S connected servers, and
(b) Only fetches the favicon

Environment

None
Fixed

Assignee

Greg Thomas

Reporter

Daryl Herzmann