[Enhancement] Do not leak po token in videoplayback requests to clients

[MMaster]

po token is leaked to clients in videoplayback request URLs.
I'm not entirely sure if it can be abused, but since pot is identifiable info it may be better to not leak it to clients watching videos on invidious instance.

Describe the solution you'd like
Rewrite the URL internally to add pot without exposing it to clients eg in video_playback route.

[unixfox]

It's the same issue as #2142

Ideally we would like to do something about it, but ultimately it's too cumbersome to deal with.

Especially since we support the ability to turn off "proxy" and this won't work anymore if we hide the pot= parameter because the requests are directly sent to google servers by the browser/client.

Read also the big downside for public instances by doing this: #2142 (comment). Each separate proxy program (example http3-ytproxy) would have to be adapted for this case.