Remove identities, posts and media when instance blocking

[futzle]

I don't think this is currently in mainline Takahē, based on a cursory scan of the source.

Scenario:

1. An instance that we don't yet suspend replies to a user with a post containing block-worthy content. There may be media attached to it. This content may even be illegal in our server's jurisdiction (think CSAM, Nazi symbols in France).
2. Admin of our instance suspends the bad instance.

Expected behaviour: The remote identities on the blocked server, any posts by these identities, and any media attached to those posts are scheduled for deletion [Maybe not immediately? mistakes happen. How about in an hour?].

Actual behaviour: I think the content remains on the server?

Edit: Also not sure if suspending a domain removes

• follows of identities on the suspended domain by local identities
• boosts by local users of posts made by identities on the suspended domain
• favourites by local users of posts made by identities on the suspended domain
• Did I forget anything?

[andrewgodwin]

Yeah, this somewhat related to https://github.com/jointakahe/takahe/issues/394 but we don't yet have an issue for it separately, so we can use this for that.

I will point out that I very deliberately made Takahē never store remote media on disk - it only ever uses a pass-through cache with expiry, specifically so that someone can't mention an account on your server and then trigger it to download e.g. CSAM to disk by doing so. If you block a server, you can't see any of its posts and any media that might be in the cache will soon expire out of it (but maybe we should force a cache clear too just to be sure).

The posts and other interactions do still need dropping, though - I need to figure out a good way of doing this in the background incrementally. Maybe we can do it as part of the domain updated -> outdated lifecycle or something.

[AstraLuma]

Ok, so we want to teach Takahē that posts/accounts can be "moderated"--it recognizes they exist for purposes of federation, but they're hidden from local users?

Should that be a new field on the model, or new states in the state machine?

In the case of accounts, should it go and hide/remove all non-content interactions (likes, votes, reactions, etc)?

[andrewgodwin]

I think it has to be a new field on the model - we want it to persist even when the post changes to edited, for example.

As for accounts - it probably does need something like that, but without making our current queries even worse.