[Feat]: add sessions in /status endpoint

[KazuCocoa]

{
  "ready": true or false
  "message": "current string",
  "sessions": {the same body with /sessions}
}

The sessions format would be the same as /sessions endpoint.

[
  {"id": "session id", "capabilities": {capabilities}}.
  {"id": "session id2", "capabilities": {capabilities2}}
]

since /sessions is deprecated as W3C capability

(Or the sessions key would be active_sessions?)

References:
#19851
#19856

[mykola-mokhnach]

I think this might be a serious security issue. Also it us usually not a good idea to add too much stuff into the /status API as it gets called frequently to verify server liveness by multiple clients

[mykola-mokhnach]

#19856 seems like a better idea for me because:

• it is secure, only people that need sessions info to be exposed are going to enable the plugin
• we don't put unnecessary payload/add performance hit on the /status API

[eglitise]

Hmm.... I am inclined to agree on both points here. Current /sessions can indeed be treated a security issue, and if /status does get called often, it is definitely beneficial to keep its response compact.