[MC-82231] Skin data(including capes) can be relayed at any time for any user

Reported here by request of Mojang. This is a security issue as it allows abuse of the mojang cape system. When servers send skin data, clients do not check the date or owner of the skin data. This allows for a few possible scenarios to occur which shouldn't. First, users with capes could change their skins to match another user's and relay that data in order to give the appearance that any user has a cape. With this ability, the signature system loses a lot of validity.

This also could allow servers to distribute temporary promotional capes. For instance, if I had grabbed my skin data during the promotional scrolls cape days, I could then relay that data at any time and keep said cape indefinitely. This could be resolved by verifying that skin data has a recent timestamp and the owner specified in the signed data matches the user the skin data was sent for.

I've written implementations/patches of this here:
https://gist.github.com/Plazmaz/9e89bae9353d84fa5c67
and some fixes to InsecureTextureException here:
https://gist.github.com/Plazmaz/320e15309ef0b2b6c904
Note that the server then has to refresh the GameProfile data of players before it expires (have to handle name changes after joining server gracefully as well, maybe ignore them?), otherwise other clients joining after the expiration timeout of already connected players would fail to see their skins and capes.

How to reproduce (modded)

Based on 1.12.2 decompiled using MCP 9.40

Replace in the method SPacketPlayerListItem.writePacketData(PacketBuffer) the following code. The changed section is indicated using "CHANGE START" and "CHANGE END".
This will use redstonehelper's skin and cape for every player and there will be no error or warning logged.

buf.writeUniqueId(spacketplayerlistitem$addplayerdata.getProfile().getId());
buf.writeString(spacketplayerlistitem$addplayerdata.getProfile().getName());
// CHANGE START
//    buf.writeVarInt(spacketplayerlistitem$addplayerdata.getProfile().getProperties().size());
//
//    for (Property property : spacketplayerlistitem$addplayerdata.getProfile().getProperties().values())
//    {
//        buf.writeString(property.getName());
//        buf.writeString(property.getValue());
//
//        if (property.hasSignature())
//        {
//            buf.writeBoolean(true);
//            buf.writeString(property.getSignature());
//        }
//        else
//        {
//            buf.writeBoolean(false);
//        }
//    }
buf.writeVarInt(1);
buf.writeString("textures");
buf.writeString("eyJ0aW1lc3RhbXAiOjE1MzE3ODc1MTk5NDgsInByb2ZpbGVJZCI6ImM2ZDQ2MWMxZjQ5NTQwYzVhNDc1ZGRhMWI5OTM0OTBhIiwicHJvZmlsZU5hbWUiOiJyZWRzdG9uZWhlbHBlciIsInNpZ25hdHVyZVJlcXVpcmVkIjp0cnVlLCJ0ZXh0dXJlcyI6eyJTS0lOIjp7InVybCI6Imh0dHA6Ly90ZXh0dXJlcy5taW5lY3JhZnQubmV0L3RleHR1cmUvMmZjZGVjMmIxYjEzNWFlNmNkZDg5Y2FiYzE1MGVlN2Y5YTI3OTY5YzA0NmNiMWFhNTJkNzAwMTFkZjFlYmVhMCJ9LCJDQVBFIjp7InVybCI6Imh0dHA6Ly90ZXh0dXJlcy5taW5lY3JhZnQubmV0L3RleHR1cmUvYWU2NzdmN2Q5OGFjNzBhNTMzNzEzNTE4NDE2ZGY0NDUyZmU1NzAwMzY1YzA5Y2Y0NWQwZDE1NmVhOTM5NjU1MSJ9fX0=");
buf.writeBoolean(true);
buf.writeString("YMXw/uaEq9TPr4b7rhGH1eyCwr5Pp+9VEQWt8ecesgv3tkcjEIupaOu4E/x1KpuZDsUC9uQiFgtwfQp73zQMO7lWsYcfwtOxyz5CG2j0RihkRrQFvUmHscp+4dMPMyclSyy7YJiZR0RiGwdM8s4pgI7NwV9I668Wegx5AExiS2eoypNOndQIzIzpJ23LJA62VEosWalO40fhuHd+0y+4VeFYqhLLkS/HDIx5HsLqHS+xID8xmxS24IFfrsa5w3+e4lUr9i3iz+AleWpZXgZ7bwTT+3hKRktsRcHeXhWyYri62KvaCfUm/X9IQkNSGl+HHw344v9jhROLlPDYIfMLyLj7LL7iu/UpCWMUQp6XX3MVzBft4C/JiKxVfB1LuILN7M7bsHgYbddWT+O2ONKEMFe0DTEqR1dORxItE3dcxPmFwCwKG3AB70HH0F2Brh2LyhVZiBHtASIxIE9yVHj+jowAKF+49es6UVklKEvSkYuRfPKyreGp9/gy80IyIiK/t0g2Dz/C8aYg5tp0rGuOZQ0Pahuw6lntTehqd2lmvKXCzAsFjtR/qLZ0JgEhMLPC7F94vPNv0sw+GTvmcxQozsrOhuNm9VGxHOqpc9VNy6q07/4HkOBKJ+EJChXoTwKC6MlmNpAq4AkhIwITME5cqFDsPZRZekp4+mXKlryxfKI=");
// CHANGE END
buf.writeVarInt(spacketplayerlistitem$addplayerdata.getGameMode().getID());