deltachat / chatmail

chatmail service deployment scripts and docs
https://delta.chat/en/2023-12-13-chatmail
MIT License

Enforce equality of RFC5322.From (IMF From) domain and DKIM domain #182

Closed link2xt closed 9 months ago

link2xt commented 9 months ago

Currently we reject emails that fail the DKIM check: https://github.com/deltachat/chatmail/blob/3665d957a7243695a3db4d45918118e7eed74add/cmdeploy/src/cmdeploy/rspamd/force_actions.conf#L9

We also reject emails failed by DMARC policy: https://github.com/deltachat/chatmail/blob/3665d957a7243695a3db4d45918118e7eed74add/cmdeploy/src/cmdeploy/rspamd/force_actions.conf#L41

However, apparently the dkim module does not check that the DKIM signature domain is aligned with the RFC5322.From domain. This is [the only good] part of the DMARC standard and is therefore checked by the DMARC module.

However, DMARC module checks very little even if p=reject policy is published for the From header domain. It will pass if either SPF or DKIM passes, while we want to enforce valid DKIM signatures. It will also pass if there is no strict reject policy or if there is simply no DMARC record.

We need a way to check that there is a DKIM signature corresponding to the From: header of the IMF aka RFC5322.From regardless of DMARC. Then we don't even need to resolve SPF or DMARC records. If there is no way to do this with rspamd, it seems the solution would be to implement our own checker, see #179

link2xt commented 9 months ago

rspamd can extract from('mime') and extracting the domain from that should be easy: https://rspamd.com/doc/configuration/selectors.html But I don't see how to compare it to the DKIM domain.
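The alignment check the issue asks for, as an added stand-alone example (illustration code written for this page, not chatmail's or rspamd's own code). It assumes that a separate DKIM verifier (rspamd's dkim module, dkimpy, ...) has already checked the signatures cryptographically and reports which `d=` domains passed; the code then decides whether one of those passing domains is aligned with the RFC5322.From domain, which is the part the DMARC module normally does and the dkim module does not. `org_domain()` is a deliberate two-label approximation for relaxed alignment; a real deployment needs the Public Suffix List. The sample messages are constructed, with placeholder `bh=`/`b=` values.

```python
"""Added example: RFC5322.From / DKIM d= alignment check, independent of DMARC.

Not chatmail or rspamd code.  Assumption: `verified_domains` is the set of d=
domains whose signatures some DKIM verifier already reported as passing; a
signature that is merely present but did not verify must never count.
"""
import email
from email.utils import getaddresses
from typing import Optional


def header_domain(msg) -> Optional[str]:
    """Lowercase domain of the single RFC5322.From address.

    Returns None if From: is missing, has no '@', or carries several
    addresses (DMARC treats a multi-address From as a failure; so do we).
    """
    values = msg.get_all("From") or []
    addrs = [addr for _, addr in getaddresses(values) if addr]
    if len(addrs) != 1 or "@" not in addrs[0]:
        return None
    return addrs[0].rpartition("@")[2].strip().lower()


def parse_dkim_tags(value: str) -> dict:
    """Parse a DKIM-Signature tag=value list (RFC 6376 section 3.2).

    Folding whitespace is collapsed first; 'b=' base64 padding is safe because
    we split on ';' before splitting each item on its first '='.
    """
    flat = " ".join(value.split())
    tags = {}
    for item in flat.split(";"):
        if "=" in item:
            k, v = item.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags


def signature_domains(msg) -> list:
    """Lowercase d= domain of every DKIM-Signature header on the message."""
    out = []
    for value in msg.get_all("DKIM-Signature") or []:
        d = parse_dkim_tags(str(value)).get("d")
        if d:
            out.append(d.lower())
    return out


def org_domain(domain: str) -> str:
    """Organizational domain for relaxed alignment.

    ASSUMPTION: two-label approximation (mail.example.org -> example.org).
    A real checker must use the Public Suffix List so that foo.co.uk is not
    reduced to co.uk.
    """
    return ".".join(domain.split(".")[-2:])


def is_aligned(from_dom: str, dkim_dom: str, strict: bool = True) -> bool:
    """Strict: exact match.  Relaxed: same organizational domain."""
    if strict:
        return from_dom == dkim_dom
    return org_domain(from_dom) == org_domain(dkim_dom)


def check_alignment(raw: bytes, verified_domains, strict: bool = True):
    """Return (accept, reason) for a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw)
    from_dom = header_domain(msg)
    if from_dom is None:
        return False, "no usable single From: domain"
    present = signature_domains(msg)
    if not present:
        return False, "no DKIM-Signature header"
    verified = {d.lower() for d in verified_domains}
    for d in present:
        if d in verified and is_aligned(from_dom, d, strict):
            return True, f"DKIM d={d} aligned with From domain {from_dom}"
    return False, f"no verified DKIM signature aligned with From domain {from_dom}"


# Constructed sample messages (not real traffic); bh=/b= are placeholders.
ALIGNED = b"""From: Alice <alice@example.org>
DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel;
 h=from:to:subject; bh=xxx; b=yyy
Subject: hi

body
"""
MISALIGNED = b"""From: alice@example.org
DKIM-Signature: v=1; a=rsa-sha256; d=bulkmailer.example.net; s=sel; h=from; bh=xxx; b=yyy
Subject: hi

body
"""
SUBDOMAIN = b"""From: alice@example.org
DKIM-Signature: v=1; a=rsa-sha256; d=mail.example.org; s=sel; h=from; bh=xxx; b=yyy

body
"""
TWO_FROM = b"""From: alice@example.org, mallory@example.net
DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel; h=from; bh=xxx; b=yyy

body
"""

if __name__ == "__main__":
    for name, raw, ok in [("aligned", ALIGNED, {"example.org"}),
                          ("unverified", ALIGNED, set()),
                          ("misaligned", MISALIGNED, {"bulkmailer.example.net"}),
                          ("subdomain/strict", SUBDOMAIN, {"mail.example.org"}),
                          ("two From", TWO_FROM, {"example.org"})]:
        print(name, check_alignment(raw, ok))
```

The MISALIGNED case is exactly the one the issue describes: a verifier reports a valid signature, and a DMARC evaluation with SPF passing (or no DMARC record at all) would accept it, while this check rejects it because `d=bulkmailer.example.net` is not the From domain. Passing `strict=False` accepts the subdomain signature under the (approximated) relaxed rule.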