Add ability to mark webirc users and forbid marked users

[skizzerz]

Marked connections (via set_mark in the webirc auth block) will be checked against the forbid_mark flag in the final auth block after resolving the user's spoofed IP. This allows for additional levels of security from webirc operators so that they are unable to spoof their way into privileged auth blocks -- an auth block with forbid_mark will reject any connections from marked users.

The mark is not automatic because some webirc servers may be fully trusted to allow privileged users to connect (such as a webchat hosted by the network itself).

[jillest]

I would prefer adding a new flag bit; reusing an existing one seems rather cryptic and there are plenty of bits left.

The flags in the configuration could perhaps be named more clearly as well, for example "unprivileged_webirc" and "forbid_unprivileged_webirc" (or "untrusted" instead of "unprivileged").