SECURITY: correct local onebox category checks

Also removes ugly "source_topic_id" from cooked posts

Patch was authored by @zogstrip

Signed-off-by: Sam <sam.saffron@gmail.com>

lib/cooked_post_processor.rb

@@ -368,15 +368,13 @@ class CookedPostProcessor
   end
 
   def post_process_oneboxes
-    args = {
-      post_id: @post.id,
-      invalidate_oneboxes: !!@opts[:invalidate_oneboxes],
-    }
-
-    # apply oneboxes
-    Oneboxer.apply(@doc, topic_id: @post.topic_id) do |url|
+    Oneboxer.apply(@doc) do |url|
       @has_oneboxes = true
-      Oneboxer.onebox(url, args)
+      Oneboxer.onebox(url,
+        invalidate_oneboxes: !!@opts[:invalidate_oneboxes],
+        user_id: @post&.user_id,
+        category_id: @post&.topic&.category_id
+      )
     end
 
     oneboxed_images.each do |img|