Remove vusb 'reset to bootloader' hid message due to security implications

[zvecr]

Description

A malicious actor could send a well crafted hid message to a vusb board, which resets to bootloader. They would then be able to automatically flash firmware, without user intervention, firmware which is potentially compromised.

Types of Changes

• Core
• Bugfix
• New feature
• Enhancement/optimization
• Keyboard (addition or update)
• Keymap/layout/userspace (addition or update)
• Documentation

Checklist

• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my changes.
• I have tested the changes and verified that they work and don't break anything (as well as I can manage).

[skullydazed]

Some context- Since QMK is probably the most popular keyboard firmware we are the most likely platform to be targeted for attacks. With this code in place it's possible for a malicious actor to load compromised firmware into a user's keyboard without the user's knowledge.

[yiancar]

This is to go to bootloader from host yes?

[xyzz]

Is there the same problem in VIA? Here:

qmk_firmware/quantum/via.c

Lines 377 to 385 in 0928496

	case id_bootloader_jump: {
	// Need to send data back before the jump
	// Informs host that the command is handled
	raw_hid_send(data, length);
	// Give host time to read it
	wait_ms(100);
	bootloader_jump();
	break;
	}