Handle multiple x tags in auth event

[laanwj]

Implement handling of multiple x tags in auth event, as well as simplify some code.

Change the authentication flow to define a function validate_auth_event_x that checks if a certain filehash is allowed to be accessed according to an authentication event.

This function is used in the existing validate_file_hash. The function extract_file_hash_from_auth_event was removed because it's not compatible with this flow and also not really needed.

Changes per endpoint:

• GET: call validate_auth_event_x to check if the provided file hash is authorized, fall through to checking server tag as before. Slightly change error message to reflect the new checks.
• DELETE: call validate_auth_event_x to check if the provided file hash is authorized. Provide the file hash from the URL to further functions instead of the one from the auth event.
• UPLOAD: No changes, existing call to validate_file_hash still covers it.
• MIRROR: Remove the call to extract_file_hash_from_auth_event whose result was unused. The actual blob is still validated using using validate_file_hash. This changes error reporting, but nothing else.

Closes #3.

[0xtrr]

This looks great, thanks! I actually have a patch for this too but I scope creeped that branch to include tests so you beat me to it 😄 I like yours better so I'll merge it and add tests in a separate patch. I have some ideas to clean up the code a bit too.