refactor: Centralize server forbidden checks into moderation module

This moves all checks related to `forbidden_remote_server_names`,
`forbidden_remote_room_directory_server_names` and
`prevent_media_downloads_from` to a new `moderation` module.
This is useful for implementing more complicated logic globally.
Mostly the changes from #673, but is also relevant for #750

src/service/media/mod.rs

@@ -22,7 +22,7 @@ use tokio::{
 
 use self::data::{Data, Metadata};
 pub use self::thumbnail::Dim;
-use crate::{Dep, client, globals, sending};
+use crate::{Dep, client, globals, moderation, sending};
 
 #[derive(Debug)]
 pub struct FileMeta {
@@ -42,6 +42,7 @@ struct Services {
 	client: Dep<client::Service>,
 	globals: Dep<globals::Service>,
 	sending: Dep<sending::Service>,
+	moderation: Dep<moderation::Service>,
 }
 
 /// generated MXC ID (`media-id`) length
@@ -64,6 +65,7 @@ impl crate::Service for Service {
 				client: args.depend::<client::Service>("client"),
 				globals: args.depend::<globals::Service>("globals"),
 				sending: args.depend::<sending::Service>("sending"),
+				moderation: args.depend::<moderation::Service>("moderation"),
 			},
 		}))
 	}

src/service/media/remote.rs

@@ -423,16 +423,8 @@ pub async fn fetch_remote_content_legacy(
 fn check_fetch_authorized(&self, mxc: &Mxc<'_>) -> Result<()> {
 	if self
 		.services
-		.server
-		.config
-		.prevent_media_downloads_from
-		.is_match(mxc.server_name.host())
-		|| self
-			.services
-			.server
-			.config
-			.forbidden_remote_server_names
-			.is_match(mxc.server_name.host())
+		.moderation
+		.is_remote_server_media_downloads_forbidden(mxc.server_name)
 	{
 		// we'll lie to the client and say the blocked server's media was not found and
 		// log. the client has no way of telling anyways so this is a security bonus.