Security auditing and response

Rationale
Insecure code sucks :-)

Review queue

 * Wikibase client LinkItem - Done
 * User Metrics API - Waiting for fixes
 * EasyRDF (for Wikidata) - In process
 * Twig (for use with Fundraiser code)
 * Limn
 * Kraken

This list may not be complete (possibly due to oversight, possibly due to security reasons for not putting this out there), and may not be in priority order.