[tunnelbroker] disallow windows device tokens that don't contain the correct domain
Summary:
the device token should be a valid URL and should contain the correct domain. per the docs:
It is important that the cloud service always ensures that the channel URI uses the domain "notify.windows.com". The service should never push notifications to a channel on any other domain. If the callback for your app is ever compromised, a malicious attacker could submit a channel URI to spoof WNS. Without inspecting the domain, your cloud service could potentially disclose information to this attacker unknowingly. The subdomain of the channel URI is subject to change and should not be considered when validating the channel URI.
Depends on D13020
Test Plan: tried to send an invalid windows device token and it was rejected, verified that it wasn't in DDB
Reviewers: bartek, kamil
Reviewed By: bartek, kamil
Subscribers: ashoat, tomek
Differential Revision: https://phab.comm.dev/D13022