Remove protected chats and expire auth tokens

[link2xt]

Since key-contacts cannot change their keys and having "verification" is less important for contact identification than having a chat history or shared chats with a contact, UIs have stopped displaying green checkmarks everywhere (deltachat/deltachat-android#3828).

This PR removes protected chats and replaces old mechanism of propagating verifications via protected chat messages marked with Chat-Verified: 1 header with a new _verified attribute of Autocrypt-Gossip headers.

Receiving _verified attribute in Autocrypt-Gossip is already supported in 2.13.0 release. This PR switches from using Chat-Verified header to Autocrypt-Gossip.

Closes #7080 (replace verification gossip mechanism with a new one that works using Autocrypt-Gossip header and is independent of "protected chats").

It also makes authentication tokens in QR codes expire and closes #7111
As a preparation for expiring QR codes it takes into account sync item timestamps (closes #7182) for QR code tokens, so synced QR code tokens have a timestamp of sync messages and when token removal is synchronized tokens newer than the sync item are not removed.

Also closes #7112 (removing deprecated and unneeded APIs)

Finally, this PR adds a migration that resets all indirect verifications. There was a bug #7107 (closed in #7113) that resulted in updating "verified by" information for already verified contacts, so the information about "verifiers" is lost and overwritten with incorrect indirect verifiers.
Expiring auth tokens also make new direct verifications more meaningful, but I have decided not to reset direct verifications as they are not affected by bugs that accidentally result in verifying someone directly. If the user did not publicly share the invite link, then verifications are valuable and resetting all of them will likely not be received well.

As we reset indirect verifications at the same time as we change the mechanism used to propagate verifications, old incorrect verifications will not propagate to new versions even though users do not upgrade at the same time.

We can also allow to remove verification from contacts (https://support.delta.chat/t/how-would-i-remove-the-verified-checkmarks-from-one-invite-code-in-retrospect/3403) as it will not break "protected" chats anymore, but this is out of scope for this PR.

What this PR does:

• Remove is_protection_broken APIs. (moved to Various protected group changes #7146)
• Remove is_profile_verified API. (moved to Various protected group changes #7146)
• Stop indirectly verifying contacts via messages with a Chat-Verified: 1 header.
• Add new _verified attribute for Autocrypt-Gossip and use it to indirectly verify key-contacts when such attribute is received from a verified contact (whether directly verified or not).
• Make sure that direct verifications cannot happen via "gossip" from self via outgoing messages sent by other devices. This is another reason to reset existing verifications, apparently existing "direct" verifications may be not actually direct but gossiped by own devices.
• Remove error paths from add_parts that result in "The message was sent by non-verified contact" messages. We likely don't need to pass verified_encryption around, it is only used to decide whether we want to accept verification gossip from the contact.
• Remove Chat.is_protected() APIs.
• Remove API to create new protected groups
• Update dc_contact_is_verified documentation.
• Expiring auth tokens
• Fix Take sync message timestamp into account for QR tokens #7182 so just synced tokens are expired if sync message is old.
• Reset existing verifications via migration. We should do this at the same time as we switch to the new gossiping mechanism, so it should be part of this PR.

[link2xt]

Payload here is replaced to have no Chat-Verified header inside and have _verified=1 in gossip headers. Payload got larger likely because rsop does not do compression and I had to reencrypt the payload.

[iequidoo]

It's not verified (i.e. marked so) yet, maybe rename this to sender_is_checked?

[link2xt]

Contacts are marked as verified in the profile, only protected/verified chats are removed.

[iequidoo]

I mean, sender_is_verified may be true, but then time() < timestamp + 600 below fails and the sender won't be actually verified. The variable name may be confusing

[iequidoo]

This is a remote timestamp, so better to limit it like MimeMessage::get_timestamp_sent() does, maybe even w/o any tolerance

[link2xt]

Probably makes sense to limit sync item timestamps at the time of parsing sync items rather than everywhere they are used.

[iequidoo]

This is fine, but probably https://delta.chat/en/help#save should say that saved messages are encrypted (if they are sent of course, e.g. in a multi-device case)