feat: authorised fetch
Created by: dakkar
Summary
some other fedi software allow enforcing that all GET requests with Accept: application/activity+json
be signed, and will refuse to serve both unsigned requests, and signed requests from blocked / silenced / restricted instances.
Purpose
Some writing about this: https://hub.sunny.garden/2023/06/28/what-does-authorized_fetch-actually-do/ and https://docs.joinmastodon.org/admin/config/#authorized_fetch
The main effect is to make it much harder for blocked instances (and random data harversters) to retrieve profiles and notes
(this feature was suggested by mia on Discord)