GraphQL introspection query works through unauthenticated WebSocket

## Summary: It is possible to execute GraphQL introspection query through unauthenticated WebSocket connection. PoC included. ## Steps To Reproduce: To simplify reproducing I provided a simple html PoC file. 1. Start python static http server in directory with poc file: `python3 -m http.server` (this step is required to bypass CORS restrictions for opening local file in the browser) 1. Open file in the browser: http://localhost:8000/ws.html 1. GraphQL schema dump will be displayed on the page The problem occurs because of the websocket request with type `start`(maybe others too, I didn't check) allows to pass introspection query in it (`{type: "start", payload: {query: "query IntrospectionQuery{ ... }"}}`) ## Supporting Material/References: * [GraphQL — Common vulnerabilities & how to exploit them](https://medium.com/@the.bilal.rizwan/graphql-common-vulnerabilities-how-to-exploit-them-464f9fdce696) ## Impact This information reveals the full GraphQL API with all methods and data types. This can be used to perform more complex attacks.