
fix for SQL Injection in xhrGetFoodsaver

chandi requested to merge sqli-fix-getrecip into master

What does this MR do?

There is an SQL Injection possibility with FoodsaverGateway::xhrGetFoodsaver(), which could have led to a successful hack of fs.de. @NerdyProjects will confirm soon that there was no usage of that in the past.

How confident are you it won't break things if deployed?

A portion of the method (filtering by bid) got removed, which seems unused. But yeah, you can never know... ;)

Checklist

  • added a test, or explain why one is not needed/possible...
  • no unrelated changes
  • asked someone for a code review
  • joined #foodsharing-beta channel at https://slackin.yunity.org
  • added an entry to CHANGELOG.md (description, merge request link, username(s))
Edited by Chris Oelmueller
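The following is an added illustration of the bug class this merge request fixes; it is not code from the foodsharing project (which is written in PHP), not the actual xhrGetFoodsaver() implementation, and it says nothing about how the real method was exploitable. It uses Python with an in-memory SQLite database, a made-up `foodsaver` table with constructed rows, and two hypothetical lookup functions: one that pastes the caller-supplied id into the SQL text, and one that validates the id as an integer and binds it as a query parameter. Running it shows why the first form lets an id parameter turn into "return every row" or "return a different column", and why the second form does not.

```python
import sqlite3

# Constructed sample data for the illustration (not the project's real schema).
SAMPLE_ROWS = [
    (1, "alice", "alice@example.org", 0),
    (2, "bob", "bob@example.org", 0),
    (3, "carol", "carol@example.org", 1),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE foodsaver ("
        "id INTEGER PRIMARY KEY, name TEXT, email TEXT, is_admin INTEGER)"
    )
    conn.executemany("INSERT INTO foodsaver VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def get_foodsaver_unsafe(conn, fs_id):
    """Hypothetical vulnerable lookup: the id is interpolated into the SQL text.

    Whatever the caller passes becomes part of the statement, so an id such as
    "0 OR 1=1" changes the WHERE clause instead of being compared as a value.
    """
    sql = f"SELECT id, name FROM foodsaver WHERE id = {fs_id}"
    return conn.execute(sql).fetchall()


def get_foodsaver_safe(conn, fs_id):
    """Hypothetical hardened lookup: validate the type, then bind the value.

    int() rejects anything that is not an integer literal, and the '?'
    placeholder makes the driver send the value separately from the SQL text,
    so the statement's structure can no longer be altered by the input.
    """
    fs_id = int(fs_id)  # raises ValueError for "0 OR 1=1" and similar
    return conn.execute(
        "SELECT id, name FROM foodsaver WHERE id = ?", (fs_id,)
    ).fetchall()


def safe_lookup_rejects(conn, fs_id):
    """Return True if the hardened lookup refuses the given id outright."""
    try:
        get_foodsaver_safe(conn, fs_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    # Legitimate use: both variants return exactly one row.
    print("unsafe, id=2:", get_foodsaver_unsafe(db, "2"))
    print("safe,   id=2:", get_foodsaver_safe(db, "2"))
    # Tautology payload: the unsafe variant returns every row.
    print("unsafe, payload OR 1=1:", get_foodsaver_unsafe(db, "0 OR 1=1"))
    # UNION payload: the unsafe variant leaks another column (emails) in the name slot.
    print("unsafe, payload UNION:",
          get_foodsaver_unsafe(db, "0 UNION SELECT id, email FROM foodsaver"))
    # The hardened variant refuses both payloads before any SQL runs.
    print("safe rejects payload:", safe_lookup_rejects(db, "0 OR 1=1"))
```

The integer check is what makes the difference here; the parameter binding is the general fix, and it is the one to prefer for non-numeric inputs such as names, where no type cast is available.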
