Open
Description
When using the websocket implementation of the comm stack, the RemotePeerID
returned here is the one that the server reads out from the client's StreamInfo
message. The code doesn't seem to validate the information in any way, even with mutual TLS enabled. A correct implementation would:
- keep the field empty without mutual TLS
- use information from the transport security layer to fill this field, as opposed to trusting the client
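
A sketch of the two points above, as an added example that is not this project's code: the server fills the peer ID from the TLS state of the websocket upgrade request and treats the ID carried in StreamInfo only as a claim to cross-check. The names `RemotePeerID`, `ErrPeerIDMismatch` and `constructedRequest`, and the ID derivation (SHA-256 over the client certificate's SubjectPublicKeyInfo), are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
)

// ErrPeerIDMismatch reports a StreamInfo peer ID that the TLS layer did not authenticate.
var ErrPeerIDMismatch = errors.New("claimed peer ID does not match TLS client certificate")

// RemotePeerID returns the peer ID for a websocket upgrade request, taken from
// the TLS layer only. Assumption: ID = SHA-256 of the client leaf certificate's
// SubjectPublicKeyInfo; substitute the project's real ID derivation.
func RemotePeerID(r *http.Request, claimed []byte) ([]byte, error) {
	cs := r.TLS // nil for plain ws://
	// Server side, crypto/tls fills VerifiedChains only after it verified a client certificate.
	if cs == nil || len(cs.VerifiedChains) == 0 || len(cs.PeerCertificates) == 0 {
		return nil, nil // no mutual TLS: leave the field empty, ignore the claim
	}
	sum := sha256.Sum256(cs.PeerCertificates[0].RawSubjectPublicKeyInfo)
	if len(claimed) > 0 && !bytes.Equal(claimed, sum[:]) {
		return nil, ErrPeerIDMismatch // client claims an identity it did not prove
	}
	return sum[:], nil
}

// constructedRequest builds sample input: a request whose TLS state carries a
// stand-in client certificate (mutual TLS) or no client certificate at all.
func constructedRequest(mutualTLS bool) *http.Request {
	cs := &tls.ConnectionState{}
	if mutualTLS {
		cert := &x509.Certificate{RawSubjectPublicKeyInfo: []byte("constructed SPKI bytes")}
		cs.PeerCertificates = []*x509.Certificate{cert}
		cs.VerifiedChains = [][]*x509.Certificate{{cert}}
	}
	return &http.Request{TLS: cs}
}

func main() {
	id, _ := RemotePeerID(constructedRequest(true), nil)
	_, err := RemotePeerID(constructedRequest(true), []byte("spoofed-id"))
	empty, _ := RemotePeerID(constructedRequest(false), []byte("spoofed-id"))
	fmt.Printf("mTLS id=%x\nspoofed claim: %v\nno mTLS id=%q\n", id, err, empty)
}
```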