Edits to EntitySchemas are not currently running through AbuseFilter, making this an intrusion vector for malicious edits.
These edits are performed via MediaWikiRevisionSchemaUpdater (see its public methods).
We need to run the EditFilterMergedContent hook that's here: https://gerrit.wikimedia.org/g/mediawiki/extensions/Wikibase/+/2823ef7f14/repo/includes/EditEntity/MediawikiEditFilterHookRunner.php#109
Note: Unlike in Wikibase "undo" edits are also saved via MediaWikiRevisionSchemaUpdater::overwriteWholeSchema, so they don't need to be specially handled for this extension (see UndoSubmitAction::storePatchedSchema).
Acceptance Criteria
- Abuse filters are applied to edits on EntitySchemas