Add ability to mark webirc users and forbid marked users #320
skizzerz wants to merge 1 commit into solanum-ircd:main from
Marked connections (via set_mark in the webirc auth block) will be checked against the forbid_mark flag in the final auth block after resolving the user's spoofed IP. This allows for additional levels of security from webirc operators so that they are unable to spoof their way into privileged auth blocks -- an auth block with forbid_mark will reject any connections from marked users. The mark is not automatic because some webirc servers may be fully trusted to allow privileged users to connect (such as a webchat hosted by the network itself).
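The check described above, as a small model added here for illustration; it is not code from this pull request or from Solanum. The struct layout, flag constants, textual prefix matching and sample addresses are assumptions, and only `set_mark`, `forbid_mark` and `NOT_AUTHORISED` are names taken from the page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical flag bits and types; not Solanum's definitions. */
enum { CONF_SET_MARK = 1 << 0, CONF_FORBID_MARK = 1 << 1 };
enum verdict { AUTHORISED, NOT_AUTHORISED };

struct auth_block {
    const char *name;
    const char *ip_prefix;  /* simplification: string prefix instead of CIDR */
    unsigned flags;
};

/* Constructed sample config, first match wins (documentation address ranges). */
static const struct auth_block SAMPLE_BLOCKS[] = {
    { "third-party-webirc", "192.0.2.10",   CONF_SET_MARK },    /* partly trusted gateway */
    { "network-webchat",    "198.51.100.5", 0 },                /* fully trusted, no mark */
    { "staff",              "10.1.",        CONF_FORBID_MARK }, /* privileged block */
    { "default",            "",             0 },                /* everyone else */
};
#define SAMPLE_N (sizeof SAMPLE_BLOCKS / sizeof SAMPLE_BLOCKS[0])

static const struct auth_block *find_auth(const struct auth_block *b, size_t n, const char *ip)
{
    for (size_t i = 0; i < n; i++)
        if (strncmp(ip, b[i].ip_prefix, strlen(b[i].ip_prefix)) == 0)
            return &b[i];
    return NULL;
}

enum verdict webirc_login(const struct auth_block *b, size_t n,
                          const char *gateway_ip, const char *spoofed_ip)
{
    /* Step 1: the gateway's own auth block decides whether the client is marked. */
    const struct auth_block *gw = find_auth(b, n, gateway_ip);
    if (gw == NULL)
        return NOT_AUTHORISED;
    bool marked = (gw->flags & CONF_SET_MARK) != 0;

    /* Step 2: the spoofed IP is resolved to the final auth block. */
    const struct auth_block *final_blk = find_auth(b, n, spoofed_ip);
    if (final_blk == NULL)
        return NOT_AUTHORISED;

    /* Step 3: a marked client may not land in a block that forbids marks. */
    if (marked && (final_blk->flags & CONF_FORBID_MARK))
        return NOT_AUTHORISED;
    return AUTHORISED;
}
```
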
edk0
left a comment
I don't feel unambiguously great about reusing the flag bit, but I think it's probably better than the alternative.
| return (NOT_AUTHORISED); | ||
| } | ||
|
|
||
| if(IsMarked(client_p)) |
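Review bot: at `if(IsMarked(client_p))`, nothing at the call site says what "marked" means in this context. The description ties the mark to set_mark on the webirc auth block, and the review notes that it reuses an existing flag bit, so a one-line comment above the check stating both would keep a later reader from confusing it with the bit's original meaning.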
| if(IsMarked(client_p)) | |
| if (IsMarked(client_p)) |
I just stuck with the same formatting as all of the other (existing) ifs in the file (which lacked spaces before the parenthesis). Should I change all of them?
change as many as you can be bothered to without feeling excessive, I guess. I don't always change surrounding ones (though I do think it's good to); I just figure if we stop introducing new if( eventually it'll be gone.
edk0
left a comment
also I clicked the wrong button oops
I would prefer adding a new flag bit; reusing an existing one seems rather cryptic and there are plenty of bits left. The flags in the configuration could perhaps be named more clearly as well, for example "unprivileged_webirc" and "forbid_unprivileged_webirc" (or "untrusted" instead of "unprivileged").