Add ability to blacklist certain keys

[awlx]

Add a (temporary) blacklist feature to the daemon. This is needed in case some abusive client wants to connect. Then we just reject the Wireguard key and don't send it to MQTT.

[rucarrol-goog]

• How do you want to identify the client (name? key?)?
• Where do you want to block them? In the flask app?
• Should the config be runtime, or hard coded into the config file (or both?) ?

I'm guessing easiest thing to do is create a new API for an in-memory list of keys/clients you want to block, and check this list before calling MQTT: https://github.com/freifunkMUC/wgkex/blob/main/wgkex/broker/app.py#L77

[awlx]

My idea was to read a blacklist.yaml from the broker and reject all keys which are in there. So those aren't even sent to MQTT, as you said :).

It would be cool if the file is occassionally checked for changes and reloaded to memory. But also just a static file which is read on start of the broker is fine.

My prefered format would be:

- Key1
  reason: "Abuse"
- Key2

But reason is optional and we put this in the answer to the client.

[rucarrol-goog]

Then I think solving this first is the correct thing to do: #39

[rucarrol-goog]

I created a first draft to block keys on the client side in #76 .

I'll go about looking at trying to get keys back out of the worker to the broker so we avoid duplication.