[feature] Handle retractions of domain permission subscription entries (#4261)

# Description

> If this is a code change, please include a summary of what you've coded, and link to the issue(s) it closes/implements.
>
> If this is a documentation change, please briefly describe what you've changed and why.

This pull request adds logic for nicely handling retractions of entries from domain permission subscriptions.

See docs for how this works but basically retracted entries will either be removed (and possibly picked up by a lower-prio subscription), or orphaned (and then possibly adopted), depending on the config of the domain permission subscription.

closes https://codeberg.org/superseriousbusiness/gotosocial/issues/4101

## Checklist

Please put an x inside each checkbox to indicate that you've read and followed it: `[ ]` -> `[x]`

If this is a documentation change, only the first checkbox must be filled (you can delete the others if you want).

- [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md).
- [x] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat.
- [x] I/we have not leveraged AI to create the proposed changes.
- [x] I/we have performed a self-review of added code.
- [x] I/we have written code that is legible and maintainable by others.
- [x] I/we have commented the added code, particularly in hard-to-understand areas.
- [x] I/we have made any necessary changes to documentation.
- [x] I/we have added tests that cover new code.
- [ ] I/we have run tests and they pass locally with the changes.
- [x] I/we have run `go fmt ./...` and `golangci-lint run`.

Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4261
Co-authored-by: tobi <tobi.smethurst@protonmail.com>
Co-committed-by: tobi <tobi.smethurst@protonmail.com>

internal/gtsmodel/adminaction.go

@@ -74,6 +74,7 @@ const (
 	AdminActionSuspend
 	AdminActionUnsuspend
 	AdminActionExpireKeys
+	AdminActionUnallow
 )
 
 func (t AdminActionType) String() string {
@@ -92,6 +93,8 @@ func (t AdminActionType) String() string {
 		return "unsuspend"
 	case AdminActionExpireKeys:
 		return "expire-keys"
+	case AdminActionUnallow:
+		return "unallow"
 	default:
 		return "unknown"
 	}
@@ -113,6 +116,8 @@ func ParseAdminActionType(in string) AdminActionType {
 		return AdminActionUnsuspend
 	case "expire-keys":
 		return AdminActionExpireKeys
+	case "unallow":
+		return AdminActionUnallow
 	default:
 		return AdminActionUnknown
 	}

internal/gtsmodel/domainpermissionsubscription.go

@@ -20,23 +20,79 @@ package gtsmodel
 import "time"
 
 type DomainPermissionSubscription struct {
-	ID                    string                   `bun:"type:CHAR(26),pk,nullzero,notnull,unique"` // ID of this item in the database.
-	Priority              uint8                    `bun:""`                                         // Priority of this subscription compared to others of the same permission type. 0-255 (higher = higher priority).
-	Title                 string                   `bun:",nullzero,unique"`                         // Moderator-set title for this list.
-	PermissionType        DomainPermissionType     `bun:",nullzero,notnull"`                        // Permission type of the subscription.
-	AsDraft               *bool                    `bun:",nullzero,notnull,default:true"`           // Create domain permission entries resulting from this subscription as drafts.
-	AdoptOrphans          *bool                    `bun:",nullzero,notnull,default:false"`          // Adopt orphaned domain permissions present in this subscription's entries.
-	CreatedByAccountID    string                   `bun:"type:CHAR(26),nullzero,notnull"`           // Account ID of the creator of this subscription.
-	CreatedByAccount      *Account                 `bun:"-"`                                        // Account corresponding to createdByAccountID.
-	URI                   string                   `bun:",nullzero,notnull,unique"`                 // URI of the domain permission list.
-	ContentType           DomainPermSubContentType `bun:",nullzero,notnull"`                        // Content type to expect from the URI.
-	FetchUsername         string                   `bun:",nullzero"`                                // Username to send when doing a GET of URI using basic auth.
-	FetchPassword         string                   `bun:",nullzero"`                                // Password to send when doing a GET of URI using basic auth.
-	FetchedAt             time.Time                `bun:"type:timestamptz,nullzero"`                // Time when fetch of URI was last attempted.
-	SuccessfullyFetchedAt time.Time                `bun:"type:timestamptz,nullzero"`                // Time when the domain permission list was last *successfuly* fetched, to be transmitted as If-Modified-Since header.
-	LastModified          time.Time                `bun:"type:timestamptz,nullzero"`                // "Last-Modified" time received from the server (if any) on last successful fetch. Used for HTTP request caching.
-	ETag                  string                   `bun:"etag,nullzero"`                            // "ETag" header last received from the server (if any) on last successful fetch. Used for HTTP request caching.
-	Error                 string                   `bun:",nullzero"`                                // If latest fetch attempt errored, this field stores the error message. Cleared on latest successful fetch.
+	// ID of this item in the database.
+	ID string `bun:"type:CHAR(26),pk,nullzero,notnull,unique"`
+
+	// Priority of this subscription compared
+	// to others of the same permission type.
+	// 0-255 (higher = higher priority).
+	Priority uint8 `bun:""`
+
+	// Moderator-set title for this list.
+	Title string `bun:",nullzero,unique"`
+
+	// Permission type of the subscription.
+	PermissionType DomainPermissionType `bun:",nullzero,notnull"`
+
+	// Create domain permission entries
+	// resulting from this subscription as drafts.
+	AsDraft *bool `bun:",nullzero,notnull,default:true"`
+
+	// Adopt orphaned domain permissions
+	// present in this subscription's entries.
+	AdoptOrphans *bool `bun:",nullzero,notnull,default:false"`
+
+	// Account ID of the creator of this subscription.
+	CreatedByAccountID string `bun:"type:CHAR(26),nullzero,notnull"`
+
+	// Account corresponding to createdByAccountID.
+	CreatedByAccount *Account `bun:"-"`
+
+	// URI of the domain permission list.
+	URI string `bun:",nullzero,notnull,unique"`
+
+	// Content type to expect from the URI.
+	ContentType DomainPermSubContentType `bun:",nullzero,notnull"`
+
+	// Username to send when doing
+	// a GET of URI using basic auth.
+	FetchUsername string `bun:",nullzero"`
+
+	// Password to send when doing
+	// a GET of URI using basic auth.
+	FetchPassword string `bun:",nullzero"`
+
+	// Time when fetch of URI was last attempted.
+	FetchedAt time.Time `bun:"type:timestamptz,nullzero"`
+
+	// Time when the domain permission list
+	// was last *successfuly* fetched, to be
+	// transmitted as If-Modified-Since header.
+	SuccessfullyFetchedAt time.Time `bun:"type:timestamptz,nullzero"`
+
+	// "Last-Modified" time received from the
+	// server (if any) on last successful fetch.
+	// Used for HTTP request caching.
+	LastModified time.Time `bun:"type:timestamptz,nullzero"`
+
+	// "ETag" header last received from the
+	// server (if any) on last successful fetch.
+	// Used for HTTP request caching.
+	ETag string `bun:"etag,nullzero"`
+
+	// If latest fetch attempt errored,
+	// this field stores the error message.
+	// Cleared on latest successful fetch.
+	Error string `bun:",nullzero"`
+
+	// If true, then when a list is processed, if the
+	// list does *not* contain entries that it *did*
+	// contain previously, ie., retracted entries,
+	// then domain permissions corresponding to those
+	// entries will be removed.
+	//
+	// If false, they will just be orphaned instead.
+	RemoveRetracted *bool `bun:",nullzero,notnull,default:true"`
 }
 
 type DomainPermSubContentType enumType