resourceloader: Sanitize lang with isValidBuiltInCode(), not isValidCode()

resourceloader: Sanitize lang with isValidBuiltInCode(), not isValidCode()

Follows-up r96280 (368dbc5f5b), and r82927 (1e67922842).

Language::isValidCode() (used by index.php) allows a very wide range of values,
which inflates the msg_resource cache quite a bit (T102058). This is a first
step toward locking it down.

This change affects both handling of incoming load.php requests, and the
formatting of request urls by OutputPage. As such, OutputPage will no longer
forward invalid uselang values that are valid for index.php to load.php.

Change-Id: I27857ce5949bc616c7179f5f47b24aa2f6765f5f