Handle incorrectly encoded query params correctly

Validate well known state events are state events.

Don't allow clients to send tombstones that reference the same room

Co-Authored-By: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

Deny redaction of events in a different room.

Handle RequestSendFailed exception correctly in more places.

Explicitly check that tombstone is a state event before notifying.

Lets disallow sending things like memberships, topics etc as non-state
events.

We already correctly filter out such redactions, but we should also deny
them over the CS API.

This is intended as an amendment to #5674 as using M_UNKNOWN as the errcode makes it hard for clients to differentiate between an invalid password and a deactivated user (the problem we were trying to solve in the first place).

M_UNKNOWN was originally chosen as it was presumed than an MSC would have to be carried out to add a new code, but as Synapse often is the testing bed for new MSC implementations, it makes sense to try it out first in the wild and then add it into the spec if it is successful. Thus this PR return a new M_USER_DEACTIVATED code when a deactivated user attempts to login.

Share SSL options for well-known requests

Disable codecov reports to GH comments.

The double posting is really annoying, and I don't think anyone is
actually reading them. The commit statuses should give a good summary
and will link to a full report.

Don't recreate current_state_events.membership column

Fix current_state_events membership background update.

Turns out not all rooms are in `rooms`, so lets fetch the room list from
`current_state_events`. We move the delta file to force it to be run
again.

Fix error handling when fetching remote device keys

Add unit test for current state membership bg update

The `expire_access_token` didn't do what it sounded like it should do. What it
actually did was make Synapse enforce the 'time' caveat on macaroons used as
access tokens, but since our access token macaroons never contained such a
caveat, it was always a no-op.

(The code to add 'time' caveats was removed back in v0.18.5, in #1656)