og_sites should depend on paranoia, to ensure the access restrictions can't be overridden by users using PHP. It should also ensure there isn't a PHP filter present.

Approach: test in og_sites_init() for paranoia and for PHP filter, bail with error message if module not present or if filter is.