fixes #5153 

Set default room version to v4.

Sends password reset emails from the homeserver instead of proxying to the identity server. This is now the default behaviour for security reasons. If you wish to continue proxying password reset requests to the identity server you must now enable the email.trust_identity_server_for_password_resets option.

This PR is a culmination of 3 smaller PRs which have each been separately reviewed:

* #5308
* #5345
* #5368

There are a few changes going on here:

* We make checking the signature on a key server response optional: if no
  verify_keys are specified, we trust to TLS to validate the connection.

* We change the default config so that it does not require responses to be
  signed by the old key.

* We replace the old 'perspectives' config with 'trusted_key_servers', which
  is also formatted slightly differently.

* We emit a warning to the logs every time we trust a key server response
  signed by the old key.

1.0 upgrade/install notes

* Regen sample config before kicking off agents

* Add changelog

Fixes some warnings, and a scary-looking stacktrace when sytest kills the
process.

Previously, setting this option would cause an exception at startup.

* Update _matrix/client/versions to reference support for r0.5.0

* Fix background updates to handle redactions/rejections

In background updates based on current state delta stream we need to
handle that we may not have all the events (or at least that
`get_events` may raise an exception).

fixes #4951

* group together key validity refactors

Improve documentation of monthly active user blocking and mau_trial_days

Implements [MSC2077](https://github.com/matrix-org/matrix-doc/pull/2077) and
fixes #5247 and #4364.

Also:
* rename VerifyKeyRequest->VerifyJsonRequest
* calculate key_ids on VerifyJsonRequest construction
* refactor things to pass around VerifyJsonRequests instead of 4-tuples

Remove some spurious stuff, clarify some other stuff

it's a bit confusing

Fixes a regression introduced in #5335.

FederationClient.get_pdu is called in a loop to fetch a batch of PDUs. A
failure to fetch one should not result in a failure of the whole batch. Add the
missing `continue`.

We have too many things called get_event, and it's hard to figure out what we
mean. Also remove some unused params from the signature, and add some logging.

It takes at least 20 minutes to work through the long_retries schedule (11
attempts, each with a 60 second timeout, and 60 seconds between each request),
so if the notary server isn't returning within the timeout, we'll just end up
blocking whatever request is happening for 20 minutes.

Ain't nobody got time for that.

When handling incoming federation requests, make sure that we have an
up-to-date copy of the signing key.

We do not yet enforce the validity period for event signatures.

This reverts commit 4bd67db1.

These end up in join events everywhere, so let's limit them.

Fixes #5079