Deny server ACL events in C-S API which would block the server

[erikjohnston]

Its quite easy to accidentally send a server ACL event that blocks everyone, including the current server. I can't think of a time when you would want to block your own server, so lets just deny client requests that try to set ACLs that would block the current server

[richvdh]

the reason this is so bad:

Once you've blocked your own server, there is no way back, because all the other servers in the room will ignore you when you try to unblock yourself.

[erikjohnston]

We should also stop people from redacting server ACLs over the CS API for the same reason; a redacted server ACL is treated as an empty one (in current room versions).