spam management for forgejo

Usage

create an API token for your admin account, and write it in an api_token file at the root of the repo
remove model.json if you want to start with no pre-existing model of what is spam or not. Or keep it to use the current classifier. The file gets updated when using the tool: the classifier learns from spam/legit decisions and should get progressively better at identifying spam.
run: cargo run
classify users as spam/not spam. Right now the classification is stored locally in db.json, no concrete action is taken. (Ultimately we will want to lock/delete accounts, etc.)

take concrete actions for spam accounts: lock the account, send a warning email, then delete+purge account after some time.
add backend to store data on garage instead of local files
replate the api_token file with a better mechanism: oauth maybe?
improve error handling