Fixes a critical exploit with the autolathe (push to dev)

Created by: Walter0o

While browsing through my server's code looking for possible exploits to fix, i noticed the following :

The autolathe can be used to duplicate any and all objs.

The faulty code accepts any refID from the usr without a safetycheck to see if the requested obj is in the autolathe_recipes list.

This works "only" on objs because it will trigger a runtime error if the object has no material vars.

The default buildcost values for obj are zero, so it always goes through the materials-check, but it would not be sufficient to plug this exploit at this point.

The trivial fix is to have a check to see if the given refID is in the autolathe_recipes list, although a datum-based construction method would probably be more robust.

As basically identical autolathe code appears to be used in Baycode , /tg/, /vg/, Para, and all other builds i could look at, i assumed this exploit has been undetected since Goon.

And indeed, the faulty code is present in Gooncode rev4407 and has been ever since.

ADDITION :

Taken down first PR which was against master, opening this against what i assume is your dev branch. see https://github.com/d3athrow/vgstation13/pull/626

Other build's PRs : https://github.com/Baystation12/Baystation12/pull/4750 https://github.com/tgstation/-tg-station/pull/3416 https://github.com/NTStation/NTstation13/pull/440 https://github.com/ZomgPonies/Paradise/pull/179