Spam/abuse hardening

[snarfed]

As we start to think about building out new protocols (https://github.com/snarfed/bridgy-fed/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22new%20protocol%22 ), we should think more about hardening. We have a few of these features already, but we should probably consider more? #773 would help a ton here, but barring that, here are some thoughts.

Right now, depending on network, we already:

• require name
• require profile picture
• require account age older than 1w
• per domain/instance, can limit bridging all users to only user profiles, not posts or other interactions, until at least one person follows them across the bridge

We could also consider

• Rate limit tasks by user #1788
• rate limit IPs, at least for protocols where we see the user/client's IP (which I suspect we don't have many of)
• block duplicate content; don't allow the same post text from the same user, or instance, or protocol, more than once per day/week/month
• more ideas from https://nostrify.dev/policy/ and https://docs.soapbox.pub/ditto/policies (thanks @alexgleason!)

cc @anujahooja @kissane @benwerd

[snarfed]

For Nostr specifically:

• verify signatures
• require NIP-05
  • limit number of users per pay-level NIP-05 domain? would that break on services like https://www.nostrly.com/ , https://nostrplebs.com/ , https://easydns.com/blog/2023/03/12/easynostr-setup-your-nip-05-id-under-your-own-domain-or-use-one-of-ours/ , maybe Iris https://github.com/irislib/faq/blob/main/README.md#getting-started ?
• Rate limit tasks by user #1788
• disabling by NIP-05 domain (probably Web.manual_opt_out)
• size limit
• block duplicate content