Add support for reversible suspensions through ActivityPub

[Gargron]

Follow-up to #14726

• Change reversibly suspended accounts to return empty data instead of HTTP 410 (while those that cannot be restored will still return HTTP 410)
• Change Webfinger resolution to queue full account deletion when it encounters a HTTP 410 error for an account that's still in the database

Suspension is expressed through boolean suspended attribute on the actor, and changes are distributed using the standard Update activity. This means that handling suspended accounts works pretty much the same if you receive the event live or encounter the suspended account in the wild. Accounts that were suspended locally cannot be unsuspended remotely. On the other hand, we no longer ignore Update, Undo, Reject, and Delete events for accounts that were suspended.

[ClearlyClaire]

I'll have to do a second review pass, but here are a few inline comments (most of them minor) for now.

More generally, I'm a bit worried about the suspension_origin enum making the logic a bit more complicated and error-prone (but I also understand it's useful for not having to change how suspended accounts are looked up/checked).

Another thing I'm a bit worried about is the two instances not agreeing on the suspension status of some user, which could result in yet another occurrence of “ghost followers”.

[ClearlyClaire]

Slightly worried this logic could fall apart if at some point we (or an admin) end up deciding to cancel some deletion requests without unsuspending the user, but otherwise it seems fine.

[ClearlyClaire]

I wonder if these could cause subtle issues in Move handling or whatnot... but it's unlikely.

[ClearlyClaire]

I will do another review pass later today, but it seems mostly good. So far, my only worry is about returning 410 for temporary suspensions, as that might trigger deletion in some implementations.

[ClearlyClaire]

In addition to the inline comments:

• DeleteAccountService#purge_profile! needs to set suspension origin
• BlockDomainService#suspend_accounts! and BlockDomainService#process_retroactive_updates! need to (un)set suspension origin
• ActivityPub::ProcessAccountService#create_account needs to set suspension origin on auto_block

Also, I think we could/should federate silencing information as well, this would make some things less hackish. This definitely can be in another PR though.

[ClearlyClaire]

Hmm thinking about that, a self-deletion being displayed as a suspension might be misleading and problematic. Though that's a permanent suspension so I guess it should be fine, just returning 410 with a generic “Gone” page.

[Gargron]

I have removed the "suspended" profile design from the PR. Temporarily suspended profiles return HTTP 403.

[ClearlyClaire]

The logic behind which response to return in case of suspension is a bit hard to follow but I don't really have a better idea on how to implement it right now.

Also, I'm not sure why you removed the special page about the account being suspended, it does seem helpful to me. In any case that can be added back in another PR.

I'd like to see some actual testing of the feature (I might do that later), but overall, the PR looks good to me.