feat: production hardening — security, scale, protocol, DX

Breaking changes to FederationRepository, ApObjectHandler, ApUser:

FederationRepository:
- add is_activity_processed / mark_activity_processed (inbox idempotency)
- add get_accepted_follower_inboxes (DB-side dedup/filtering, replaces in-memory load-all)

ApObjectHandler:
- add on_announce_of_remote (cross-server boosts, previously silently dropped)

ApUser:
- add manually_approves_followers: bool
- add actor_type: ApActorType (was hardcoded Person)

Security:
- block check before actor HTTP fetch in Follow (prevents SSRF on blocked actors)
- 4xx responses use generic "not found"/"bad request" (no internal leak)
- 1 MB DefaultBodyLimit on inbox routes
- zeroize private key after generation

Delivery:
- all broadcasts are now non-blocking (tokio::spawn fallback, or EventPublisher queue)
- EventPublisher redesigned with typed FederationEvent enum (DeliveryRequested/DeliveryFailed)
- new deliver_to_inbox() public method for queue consumers
- configurable delivery_max_attempts and delivery_initial_delay_secs via builder
- Follow saved as Pending BEFORE delivery (race condition fix)

Router:
- GET /users/{id} (actor), GET /users/{id}/followers, GET /users/{id}/following now mounted

Protocol:
- mention extraction from Create/Update tag arrays → on_mention() dispatched
- WebFinger: add aliases field (acct: URI + AP actor URL)
- outbox: add last link, use count_local_posts for totalItems
- idempotency guard added to every inbound activity receive()
- actor serializes display_name and configurable actor_type/manually_approves_followers

Bump: 0.1.10 → 0.2.0

src/tests/service.rs

@@ -1,45 +1,3 @@
-use super::*;
-use crate::repository::{Follower, FollowerStatus, RemoteActor};
-
-fn make_follower(inbox: &str, shared: Option<&str>) -> Follower {
-    Follower {
-        actor: RemoteActor {
-            url: format!("https://remote/{}", inbox),
-            handle: "user".to_string(),
-            inbox_url: inbox.to_string(),
-            shared_inbox_url: shared.map(|s| s.to_string()),
-            display_name: None,
-            avatar_url: None,
-            outbox_url: None,
-        },
-        status: FollowerStatus::Accepted,
-    }
-}
-
-#[test]
-fn collect_inboxes_deduplicates_shared() {
-    let followers = vec![
-        make_follower(
-            "https://mastodon.social/users/a/inbox",
-            Some("https://mastodon.social/inbox"),
-        ),
-        make_follower(
-            "https://mastodon.social/users/b/inbox",
-            Some("https://mastodon.social/inbox"),
-        ),
-        make_follower("https://other.instance/users/c/inbox", None),
-    ];
-    let inboxes = collect_inboxes(&followers);
-    assert_eq!(inboxes.len(), 2);
-    let strs: Vec<_> = inboxes.iter().map(|u| u.as_str()).collect();
-    assert!(strs.contains(&"https://mastodon.social/inbox"));
-    assert!(strs.contains(&"https://other.instance/users/c/inbox"));
-}
-
-#[test]
-fn collect_inboxes_falls_back_to_individual_inbox() {
-    let followers = vec![make_follower("https://example.com/users/x/inbox", None)];
-    let inboxes = collect_inboxes(&followers);
-    assert_eq!(inboxes.len(), 1);
-    assert_eq!(inboxes[0].as_str(), "https://example.com/users/x/inbox");
-}
+// Inbox deduplication (shared_inbox preference, blocked-actor/domain filtering)
+// is now enforced by the repository implementation via `get_accepted_follower_inboxes`.
+// Integration tests for broadcast delivery live in the consuming crate's test suite.