Horreum
User data mutation with $schema injection
Horreum currently mutates user data by adding or changing the $schema field. Horreum should not assume it has ownership of users' data but should instead treat user data as immutable. The assumption that $schema is a reserved field that Horreum can own and inject at will is fundamentally flawed. The worst case would be users uploading with $schema and expecting the value will match what they uploaded, but Horreum has changed it. There is also an issue with Go or Python object serialization not supporting additional JSON properties by default. Horreum's new Go and Python clients encourage using Horreum data in an application that could store JSON-encoded entities. If that happens, our users will not be able to decode those entities unless they add a required $schema field to each entity and allow Horreum to control that value.
On Hold due to https://github.com/Hyperfoil/Horreum/discussions/1603
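The two failure modes described in the issue, shown as an added example that is not Horreum code and does not call the Horreum API: a client-side check that detects a stored document differing from the uploaded one, and a strict entity decode that rejects the extra key. The `RunResult` entity, the schema URNs and all sample documents are constructed for illustration.

```python
import hashlib
import json
from dataclasses import dataclass


@dataclass
class RunResult:  # hypothetical application entity, not a Horreum type
    benchmark: str
    throughput: float


def digest(doc: dict) -> str:
    """SHA-256 over a canonical encoding (sorted keys, no whitespace)."""
    canonical = json.dumps(doc, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def top_level_changes(uploaded: dict, returned: dict) -> dict:
    """Report top-level keys that were added, removed or changed."""
    shared = uploaded.keys() & returned.keys()
    return {
        "added": sorted(returned.keys() - uploaded.keys()),
        "removed": sorted(uploaded.keys() - returned.keys()),
        "changed": sorted(k for k in shared if uploaded[k] != returned[k]),
    }


def strict_decode(doc: dict) -> RunResult:
    """Decode into the entity; any unknown key raises TypeError."""
    return RunResult(**doc)


# Constructed sample documents (the schema URNs are placeholders).
UPLOADED = {"benchmark": "http-get", "throughput": 1250.5}
RETURNED_INJECTED = {**UPLOADED, "$schema": "urn:example:schema:1.0"}
UPLOADED_WITH_SCHEMA = {**UPLOADED, "$schema": "urn:user:own-schema"}
RETURNED_OVERWRITTEN = {**UPLOADED, "$schema": "urn:example:schema:1.0"}

if __name__ == "__main__":
    # Case 1: the key was absent on upload and present on read-back.
    print(digest(UPLOADED) == digest(RETURNED_INJECTED))
    print(top_level_changes(UPLOADED, RETURNED_INJECTED))
    # Case 2: the user supplied a value and a different one came back.
    print(top_level_changes(UPLOADED_WITH_SCHEMA, RETURNED_OVERWRITTEN))
    # Case 3: an entity without a $schema field cannot decode the document.
    try:
        strict_decode(RETURNED_INJECTED)
    except TypeError as exc:
        print("decode failed:", exc)
```

Recording `digest()` at upload time and comparing it on read-back gives a client an integrity check that does not depend on which field was altered.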