the complete server installation path is visible in cloud/user endpoint
Low
## Vulnerability Details
https://github.com/nextcloud/server/issues/33883
When doing a GET request on `/ocs/v1.php/cloud/user?format=json`, the server returns user data, including a field containing the full local server path:
```
"storageLocation": "/home/bohwaz/www/tmp/nextcloud/data/bohwaz",
```
This is not a big security issue (as you need to be logged in to get that response), but this is data that an attacker shouldn't be able to know easily.
This happens on a brand new install after using the web installer.
## Impact
Sensitive internal info
Report Stats
- Report ID: 1690510
- State: Closed
- Substate: resolved
- Upvotes: 5
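
A regression check for the disclosure described in the report, as an added example that is not part of the original report or of Nextcloud's code: it walks a parsed JSON response and flags any string value that looks like an absolute filesystem path. The sample body is constructed (only the `storageLocation` value is taken from the report), and the list of root directories in the pattern is an assumption to adjust per deployment.

```python
import json
import re

# Heuristic: absolute POSIX paths under common server roots, or Windows drive paths.
# The root list is an assumption; extend it to match your hosts.
ABS_PATH = re.compile(
    r"^(?:/(?:home|var|srv|opt|usr|mnt|data|root|tmp|etc)/\S+|[A-Za-z]:\\\S+)$"
)


def find_path_leaks(node, trail=""):
    """Return (json_path, value) for every string value that looks like a server path."""
    leaks = []
    if isinstance(node, dict):
        for key, value in node.items():
            leaks += find_path_leaks(value, f"{trail}.{key}" if trail else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            leaks += find_path_leaks(value, f"{trail}[{index}]")
    elif isinstance(node, str) and ABS_PATH.match(node):
        leaks.append((trail, node))
    return leaks


# Constructed response body shaped like the reported output.
SAMPLE_BEFORE = """
{"ocs": {"meta": {"status": "ok", "statuscode": 100},
         "data": {"id": "bohwaz",
                  "storageLocation": "/home/bohwaz/www/tmp/nextcloud/data/bohwaz",
                  "website": "https://example.org/home/page",
                  "groups": ["admin"]}}}
"""

# Constructed body with the field no longer exposed.
SAMPLE_AFTER = """
{"ocs": {"meta": {"status": "ok", "statuscode": 100},
         "data": {"id": "bohwaz",
                  "website": "https://example.org/home/page",
                  "groups": ["admin"]}}}
"""

if __name__ == "__main__":
    for label, body in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        for json_path, value in find_path_leaks(json.loads(body)):
            print(f"{label}: {json_path} exposes {value}")
```
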