Add permission level to deny login-matrix

[AndrewFerr]

as some instances may want to discourage users from sharing their Matrix access tokens.

[AndrewFerr]

Rebased onto the latest release to facilitate clean merging with downstream branches.

[AndrewFerr]

Putting this in draft while I try writing an alternative approach that should be simpler / less impactful than making a new permission level.

[tulir]

Having a special value in login_shared_secret_map or double_puppet_server_map to disallow double puppeting per server might work. Technically you could already set a fake address in the url map, which would break double puppeting.

Alternatively, you could just let people enable it if they want 🤔 Adding a check similar to what mautrix-python has to ensure the provided token doesn't have e2ee keys would be a good idea to prevent users from breaking their existing clients, but I don't see any other reason to prohibit it.