1.2 custom forms can ping any website (DDoS)
In 1.2 beta, a new packet was added - ModalFormRequestPacket.
Servers send this packet to the client to display a custom GUI.
With the `custom_form` form type, there is an `icon url` option, which doesn't actually render for custom forms created by servers.
BUT, when the form is sent to the client with an icon url, the client will send 2 pings to the URL.
This can be exploited to DDoS websites/other servers by broadcasting many form packets; testing shows 1 client can send > 140 pings a second.
EDIT: This gets worse with `simple_form`.
255 buttons with custom images in a `simple_form` = 255 pings.
2017-08-06, 01:45 PM
2018-01-02, 04:13 PM
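As a mitigation sketch for the behaviour reported above (an added example, not code from the original report or from the game), a proxy or server framework that relays forms could strip remote image references from the form JSON before it is sent in a ModalFormRequestPacket. The JSON field names, the allow-list host and the per-form cap are assumptions, and the sample form is constructed.

```python
import json
from urllib.parse import urlparse

# Assumed layout (not given on the page): a remote image is an object
# {"type": "url", "data": "<URL>"} under a form "icon" or button "image" key.
ALLOWED_HOSTS = {"cdn.example.net"}  # hypothetical allow-list
MAX_REMOTE_IMAGES = 8                # hypothetical per-form cap

def is_remote_image(node):
    return (isinstance(node, dict) and node.get("type") == "url"
            and isinstance(node.get("data"), str))

def sanitize_form(form_json, allowed_hosts=ALLOWED_HOSTS, cap=MAX_REMOTE_IMAGES):
    """Return (clean_json, stripped_count); unapproved remote images are removed."""
    form = json.loads(form_json)
    state = {"kept": 0, "stripped": 0}

    def keep(image):
        try:
            url = urlparse(image["data"])
            ok = url.scheme == "https" and url.hostname in allowed_hosts
        except ValueError:  # malformed URL: treat as unapproved
            ok = False
        ok = ok and state["kept"] < cap
        state["kept" if ok else "stripped"] += 1
        return ok

    def walk(node):
        if isinstance(node, list):
            for item in node:
                walk(item)
        elif isinstance(node, dict):
            for key in list(node):
                if not is_remote_image(node[key]):
                    walk(node[key])
                elif not keep(node[key]):
                    del node[key]  # button or form survives, minus the fetch

    walk(form)
    return json.dumps(form), state["stripped"]

# Constructed sample: a simple_form with 255 buttons, each with a remote image.
SAMPLE = json.dumps({"type": "simple_form", "title": "Shop", "buttons": [
    {"text": f"Item {i}",
     "image": {"type": "url", "data": f"http://third-party.example/{i}.png"}}
    for i in range(255)]})

if __name__ == "__main__":
    print(sanitize_form(SAMPLE)[1], "remote image references removed")
```

The stripped count is worth logging per sender, since a form that loses hundreds of image references is a strong signal of the abuse described in the report.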