Remove setlocal and setupvalue from `debug` table whitelist

It's likely that these could be used trick mods into revealing the insecure
environment even if they do everything right (which is already hard enough).

src/script/cpp_api/s_security.cpp

@@ -129,12 +129,10 @@ void ScriptApiSecurity::initializeSecurity()
 		"traceback",
 		"getinfo",
 		"getmetatable",
-		"setupvalue",
 		"setmetatable",
 		"upvalueid",
 		"sethook",
 		"debug",
-		"setlocal",
 	};
 	static const char *package_whitelist[] = {
 		"config",