feat: production hardening — security, scale, protocol, DX

Breaking changes to FederationRepository, ApObjectHandler, ApUser:

FederationRepository:
- add is_activity_processed / mark_activity_processed (inbox idempotency)
- add get_accepted_follower_inboxes (DB-side dedup/filtering, replaces in-memory load-all)

ApObjectHandler:
- add on_announce_of_remote (cross-server boosts, previously silently dropped)

ApUser:
- add manually_approves_followers: bool
- add actor_type: ApActorType (was hardcoded Person)

Security:
- block check before actor HTTP fetch in Follow (prevents SSRF on blocked actors)
- 4xx responses use generic "not found"/"bad request" (no internal leak)
- 1 MB DefaultBodyLimit on inbox routes
- zeroize private key after generation

Delivery:
- all broadcasts are now non-blocking (tokio::spawn fallback, or EventPublisher queue)
- EventPublisher redesigned with typed FederationEvent enum (DeliveryRequested/DeliveryFailed)
- new deliver_to_inbox() public method for queue consumers
- configurable delivery_max_attempts and delivery_initial_delay_secs via builder
- Follow saved as Pending BEFORE delivery (race condition fix)

Router:
- GET /users/{id} (actor), GET /users/{id}/followers, GET /users/{id}/following now mounted

Protocol:
- mention extraction from Create/Update tag arrays → on_mention() dispatched
- WebFinger: add aliases field (acct: URI + AP actor URL)
- outbox: add last link, use count_local_posts for totalItems
- idempotency guard added to every inbound activity receive()
- actor serializes display_name and configurable actor_type/manually_approves_followers

Bump: 0.1.10 → 0.2.0

src/user.rs

@@ -1,4 +1,5 @@
 use async_trait::async_trait;
+use serde::{Deserialize, Serialize};
 use url::Url;
 
 #[derive(Debug, Clone)]
@@ -7,6 +8,22 @@ pub struct ApProfileField {
     pub value: String,
 }
 
+/// Actor type for AP serialization. Defaults to `Person`.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub enum ApActorType {
+    Person,
+    Service,
+    Application,
+    Organization,
+    Group,
+}
+
+impl Default for ApActorType {
+    fn default() -> Self {
+        Self::Person
+    }
+}
+
 /// Resolved actor data returned by [`crate::service::ActivityPubService::lookup_actor_by_handle`].
 /// Fetched via a signed HTTP request so strict instances (e.g. Threads) return full data.
 #[derive(Debug, Clone)]
@@ -29,12 +46,18 @@ pub struct LookedUpActor {
 pub struct ApUser {
     pub id: uuid::Uuid,
     pub username: String,
+    pub display_name: Option<String>,
     pub bio: Option<String>,
     pub avatar_url: Option<Url>,
     pub banner_url: Option<Url>,
     pub also_known_as: Option<String>,
     pub profile_url: Option<Url>,
     pub attachment: Vec<ApProfileField>,
+    /// If true, incoming Follow requests must be manually approved before the
+    /// actor is listed as `manuallyApprovesFollowers=true` in AP JSON.
+    pub manually_approves_followers: bool,
+    /// AP actor type serialized in the actor JSON. Defaults to `Person`.
+    pub actor_type: ApActorType,
 }
 
 #[async_trait]