Add non-existent room moderator
Low
Chaturbate
Reported by
popeax
Vulnerability Details
Technical details and impact analysis
## Description
A broadcaster can add or remove a non-existent user as a moderator. This is submitted using the testbed as it wasn't possible to initiate a broadcast on the production site.
## Steps
1. As a broadcaster add a moderator to the broadcast (attachment 1).
2. Observe the request sent to the server (attachment 2).
3. Replay the request from step 2. Change the second to last part of the URL to a non-existent user (attachment 3).
4. Observe the server broadcasts the operation to the room (attachment 4).
## Impact
It is unclear what side effects, if any, this could have. This is really being reported because the application had very strict access controls and this seems to be one of the only places it was obvious the access controls and input validation weren't as strict as they could be.
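The gap described in this report, shown as an added example that is not part of the original report or the vendor's code: a handler that authorizes the broadcaster but never checks the username taken from the URL, beside a version that validates it before changing state or notifying the room. The `Room` class, its method names, the username pattern and the sample accounts are all assumptions made for illustration.

```python
import re

# Assumed username format; the real site's rules are not stated in the report.
USERNAME_RE = re.compile(r"^[a-z0-9_]{3,32}$")


class Room:
    """Hypothetical model of a broadcast room (constructed for this example)."""

    def __init__(self, broadcaster, known_users):
        self.broadcaster = broadcaster
        self.known_users = set(known_users)  # stand-in for the account store
        self.moderators = set()
        self.notices = []  # messages broadcast to everyone in the room

    def _authorize(self, actor):
        # Access control: only the room's broadcaster manages moderators.
        if actor != self.broadcaster:
            raise PermissionError("only the broadcaster may manage moderators")

    def add_moderator_unchecked(self, actor, target):
        """Models the reported behaviour: the actor is checked, the target is not."""
        self._authorize(actor)
        self.moderators.add(target)
        self.notices.append(f"{target} is now a moderator")

    def add_moderator_validated(self, actor, target):
        """Same access control, plus validation of the URL-supplied username."""
        self._authorize(actor)
        if not USERNAME_RE.fullmatch(target):
            raise ValueError("malformed username")
        if target not in self.known_users:
            raise LookupError("no such user")
        # State change and room broadcast happen only after both checks pass.
        self.moderators.add(target)
        self.notices.append(f"{target} is now a moderator")


def replay_demo(target="ghost_user_404"):
    """Send the same replayed request to both handlers; return room notices."""
    results = {}
    for handler in ("add_moderator_unchecked", "add_moderator_validated"):
        room = Room("alice", known_users={"alice", "bob"})  # constructed accounts
        try:
            getattr(room, handler)("alice", target)
        except (LookupError, ValueError):
            pass  # rejected before any broadcast
        results[handler] = list(room.notices)
    return results
```
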
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Improper Input Validation