[wip] use Authorized fetch

[epsilon-phase]

Many activitypub servers are starting to enable Mastodon style authorized fetch for security reasons. As plume does not sign the user fetches, this means it is not possible to fetch actor information from these servers

The current solution is rather hacky, but it is the best we can figure out without more input and guidance. The ideal solution is to have a quasi actor that can sign these requests and be transparent to the user. As of now it merely fetches the first local user that comes to hand and signs the request with their information.

[codecov]

Codecov Report

Merging #723 into main will decrease coverage by 0.04%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main     #723      +/-   ##
==========================================
- Coverage   39.13%   39.09%   -0.05%     
==========================================
  Files          73       73              
  Lines        9684     9695      +11     
  Branches     2315     2321       +6     
==========================================
  Hits         3790     3790              
- Misses       4807     4818      +11     
  Partials     1087     1087