GHSA-7pr3-p5fm-8r9x

### Impact For regular (non-LiveQuery) queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscription on the `Parse.User` class, all session tokens created during user sign-ups will be broadcast as part of the LiveQuery payload.

### Patches Remove session token from LiveQuery payload.

### Workaround Set `user.acl(new Parse.ACL())` in a beforeSave trigger to make the user private already on sign-up.