cubicweb #1698245 Convert __message to _cwmsgid to increase security [resolved]

Using _cwmsgid with the message stored in the sesssion can prevent users from inserting unwanted text in a cubicweb site by using the __message variable.

This ticket is the first step to removing the use of __message, convert it to cwmsgid in build_url

(next step : ignore the variable when sent through GET or POST :

done in3.13.0
load left0.000
closed by#cab99ccdb774 [ui messages, xss] Start migration towards use of _msgid instead of __message (prone to XSS injection) closes #1698245