- Remove `metadata` from LiveSessionRoomCreateSerializer and ignore any
client-provided `metadata` for security (with warning log)
- Build secured room metadata server-side with explicit default lock
settings (mic/webcam/screen share locked; whiteboard/notepad/chat
unlocked) and comprehensive room features (chat, recording, breakout,
waiting room, etc.)
- Convert all request payload keys to camelCase before calling PlugNMeet
for both room creation and join token to match protocol requirements
- Extend non-admin user lock_settings in join token to include
whiteboard/notepad/chat controls
- Update live-session docs and add comprehensive PlugNMeet API docs
BREAKING CHANGE: Clients must no longer send `metadata` when creating a
room; all room settings are now enforced server-side and cannot be
overridden by the client. The serializer no longer accepts `metadata`.
