feat!: DKIM verifier with https fallback

[j-g00da]

This implements a DKIM verification as well as a strict
DKIM signature alignment check with domain in From
header address.

Additionally, provides a fallback mechanism that retrieves
TXT record over HTTPS from a location:
<domain>/.well-known/_domainkey/<selector>
if DNS lookup fails, expecting a plain text RDATA.
Caches the retrieved RDATA using in-memory LRU.

BREAKING CHANGE: incoming messages now require DKIM signatures
aligned to domain of the From header address.

Signed-off-by: Jagoda Ślązak jslazak@jslazak.com

[j-g00da]

Few notes:

• I'm yet to create some meaningful test suite for this
• This passes relay tests: do_not_merge: test filtermail relay#831 (isolated chatmaild tests are expected to fail, as they don't expect filtermail to reject on missing DKIM sig)
• Also tested manually using franky.testrun.org and record hosted on my own relay here: https://chat.kamiokan.de/.well-known/_domainkey/opendkim
• I didn't use viadkim's hickory-resolver feature, as this integration uses an old hickory-resolver version + I had to implement my own lookup anyway for the fallback mechanism. We should probably do some maintenance work on viadkim fork, and release it with some different name.

[j-g00da]

TODO:

• remove current http TXT caching based on TTL
• store only RDATA in selector file, since we don't need TTL
• implement LRU cache for RDATA returned by both DNS resolver and https requests, cache up to forever (in-memory)

[j-g00da]

Also:

• prevent memory exhaustion DoS by limiting response size... (Add response size limit 2 seanmonstar/reqwest#1855, Restrict the body sizes of responses LemmyNet/activitypub-federation-rust#23)