Always signal pjos=0 in V2 receivers

Per
[BIP77](https://github.com/bitcoin/bips/blob/master/bip-0077.md#payjoin-uri):

> Since BIP 78 payloads are neither encrypted nor authenticated, a
directory used for backwards-compatible payloads is known as an
"unsecured payjoin server" in BIP 78 parlance. Backwards-compatible
receivers MUST disable output substitution by setting pjos=0 to prevent
modification by a malicious directory.

Note that pjos=0 is ignored by V2 senders per the previous commit.

Author: spacebear21

payjoin/src/core/receive/v2/mod.rs

@@ -389,7 +389,7 @@ impl Receiver<Initialized> {
 
     /// Build a V2 Payjoin URI from the receiver's context
     pub fn pj_uri<'a>(&self) -> crate::PjUri<'a> {
-        pj_uri(&self.context, OutputSubstitution::Enabled)
+        pj_uri(&self.context, OutputSubstitution::Disabled)
     }
 
     pub(crate) fn apply_unchecked_from_payload(
@@ -1010,6 +1010,6 @@ pub mod test {
     fn test_v2_pj_uri() {
         let uri = Receiver { state: Initialized { context: SHARED_CONTEXT.clone() } }.pj_uri();
         assert_ne!(uri.extras.endpoint, EXAMPLE_URL.clone());
-        assert_eq!(uri.extras.output_substitution, OutputSubstitution::Enabled);
+        assert_eq!(uri.extras.output_substitution, OutputSubstitution::Disabled);
     }
 }