Lookup for vulnerable packages by Package URL.
| Purl | pkg:npm/%40saltcorn/cli@0.5.0-beta.0 |
| Type | npm |
| Namespace | @saltcorn |
| Name | cli |
| Version | 0.5.0-beta.0 |
| Qualifiers | |
| Subpath | |
| Is_vulnerable | true |
| Next_non_vulnerable_version | 0.8.8-beta.2 |
| Latest_non_vulnerable_version | 0.8.8-beta.2 |
| Affected_by_vulnerabilities | |
| 0 | |
| url | VCID-n1wx-uj68-g7bd |
| vulnerability_id | VCID-n1wx-uj68-g7bd |
| summary | |

Unsafe plugins can be installed via pack import by tenant admins

### Summary
Unsafe plugins (for instance `sql-list`) can be installed in subdomain tenants via pack import even if unsafe plugin installation for tenants is disabled.

### Details
I have an example:
https://bot20230704.saltcorn.com/view/all_plugins
It's publicly accessible (but it contains no very secure values except the list of tenants).
But using this mechanism one can read **any** data from other tenants.

### Impact
All tenants of an installation (i.e. `saltcorn.com`) can be compromised by a tenant user who has admin access. If an untrusted user has admin rights to a tenant instance, they will be able to install a plug-in that can access information from other tenants.

### Revived after 0.8.7
After the patch in 0.8.7 this is not fixed completely.
Here are the steps to reproduce:
1. Publish to NPM a plugin that was not approved by the admin (in the case of saltcorn.com, @glutamate). I've just published this one: https://www.npmjs.com/package/saltcorn-qrcode
2. Publish somewhere a plugin store that includes the plugin from the previous step: https://gist.github.com/pyhedgehog/f1fd7cb13f4d0a7ccf6a965748d19bd2
3. Add the plugin store link to the tenant store.
4. Install the plugin.
5. Use it in the tenant: https://bot20230704.saltcorn.com/view/testqr_show/1

Here is the logic:
Unsafe plugins are checked against this list:
https://github.com/saltcorn/saltcorn/blob/99fe277e497fd193bb070acd8c663aa254a9907c/packages/server/load_plugins.js#L191
But it's under the control of the tenant admin, not the server admin.
Proposed logic:
```javascript
// Take the approved-plugin list from the root (server-admin) state rather
// than from the tenant's own configuration, which the tenant admin controls.
const safes = getRootState()
  .getConfig("available_plugins", [])
  .filter((p) => !p.unsafe)
  .map((p) => p.location);
```

| references | |
| fixed_packages | |
| aliases | GHSA-wxf3-4fvj-vqqx, GMS-2023-1876 |
| risk_score | 4.0 |
| exploitability | 0.5 |
| weighted_severity | 8.0 |
| resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-n1wx-uj68-g7bd |
| Fixing_vulnerabilities | |
| Risk_score | 4.0 |
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:npm/%2540saltcorn/cli@0.5.0-beta.0 |
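The trust-boundary flaw the advisory above describes, modelled as an added example (not Saltcorn's code): the denylist check read from tenant-controlled state beside the root-state allowlist the reporter proposes. `getRootState`, `getConfig`, `makeTenantState` and the plugin entries are hypothetical stand-ins; only the names `sql-list` and `saltcorn-qrcode` come from the advisory.

```javascript
// Added example, not Saltcorn's code: a minimal model of the plugin allowlist
// check from the advisory. getRootState/getConfig and the plugin entries are
// stand-ins for Saltcorn's real objects and data.

// Constructed root (server-admin) store: one approved plugin, one unsafe one.
const ROOT_PLUGINS = [
  { location: "approved-plugin", unsafe: false },
  { location: "sql-list", unsafe: true },
];

function getRootState() {
  return { getConfig: (key, def) => (key === "available_plugins" ? ROOT_PLUGINS : def) };
}

// A tenant's state inherits the root list plus whatever plugin stores the
// tenant admin has added; the tenant admin fully controls those entries.
function makeTenantState(tenantAddedPlugins) {
  const plugins = ROOT_PLUGINS.concat(tenantAddedPlugins);
  return { getConfig: (key, def) => (key === "available_plugins" ? plugins : def) };
}

// Vulnerable: a denylist read from the tenant's own state. A plugin the
// tenant admin added through their own store is simply absent from the list,
// so the check never blocks it.
function canInstallVulnerable(tenantState, location) {
  const unsafes = tenantState
    .getConfig("available_plugins", [])
    .filter((p) => p.unsafe)
    .map((p) => p.location);
  return !unsafes.includes(location);
}

// Fixed, following the advisory's proposal: an allowlist read from the root
// state, which only the server admin can change. The tenant state is
// deliberately ignored.
function canInstallFixed(_tenantState, location) {
  const safes = getRootState()
    .getConfig("available_plugins", [])
    .filter((p) => !p.unsafe)
    .map((p) => p.location);
  return safes.includes(location);
}

// Scenario from the advisory: the tenant admin adds a store carrying an
// unapproved plugin (the package name the reporter published).
const tenant = makeTenantState([{ location: "saltcorn-qrcode", unsafe: false }]);
```

With the constructed data, `canInstallVulnerable(tenant, "saltcorn-qrcode")` is true while `canInstallFixed(tenant, "saltcorn-qrcode")` is false; both reject `sql-list`.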