Key-contacts

[link2xt]

This change introduces a new type of contacts
identified by their public key fingerprint
rather than an e-mail address.

Encrypted chats now stay encrypted
and unencrypted chats stay unencrypted.
For example, 1:1 chats with key-contacts
are encrypted and 1:1 chats with address-contacts
are unencrypted.
Groups that have a group ID are encrypted
and can only contain key-contacts
while group that don't have a group ID ("adhoc groups")
are unencrypted and can only contain address-contacts.

JSON-RPC: reset_contact_encryption API is removed.
In deltachat-rpc-client API Contact.reset_encryption is removed.
"Group tracking plugin" in legacy Python API was removed because it relied on parsing email addresses from system messages with regexps.

Known multi-device (non-)issue: pinning a 1:1 chat from legacy client pins email chat via sync message.

Still missing, not all of this should be fixed before merging but at least CI should pass:

• Return an error when API user tries to add email contact to encrypted chats.
• Same for PGP-contacts, they should not be added to unencrypted chats.
• Fix AEAP tests.
• Chat-Group-Member-Fpr header.
• Ignore Chat-Group-ID if the message is not encrypted+signed.
• Complete Thunderbird tests.
• Tests for 1:1 chat assignment. If we have multiple PGP-contacts with the same email address, can assign outgoing messages without Autocrypt-Gossip to the most recent one or using In-Reply-To or References. If there are no PGP-contacts, the message can go to email contact or trash. EDIT: we have tests for incomplete message assignment, they pass. This is not comprehensive and does not use Message-IDs and References, but tying chat assignment to contact lookup is complicated.
• Migration. Started at [WIP] feat: Migration for PGP-contacts #6818
• Do not list email-contacts in the contact list by default. For email contacts maybe add a flag.
• Open issues for Thunderbird: test_prefer_encrypt_mutual_if_encrypted has TODOs for assigning to chat by issuer fingerprint. This should also work if the key is attached and no Autocrypt header is sent. Signed-only messages should probably go to PGP-chat without a padlock. Fixing this is out of scope of this PR. Signed-only messages to to email-contact. If Thunderbird is configured to send Autocrypt header, chatting should work, this is already tested.
• JSON-RPC API loading a chat now loads is_encrypted, this adds database calls. Could be optimized.
• SHA-256 fingerprints (API to get SHA2-256 fingerprints for any keys rpgp/rpgp#531, wip: "imprint" fn rpgp/rpgp#541). If we can, we should use SHA-256 fingerprints for v4 keys instead of having SHA-1 fingerprints as the primary key. Invite links with SHA-1 should still be supported. Adding a column can be done later and we will likely need two columns anyway with standard fingerprint and SHA-256 to support openpgp4fpr and invite links, but Chat-Group-Member-Fpr format should be fixed before release.

[Hocuri]

Just 3 small things I was wondering while skimming over

[adbenitez]

a way to know if a chat is an encrypted chat is missing, currently there is only "isPgpContact" that can be used to mark contacts/1:1 chat but for unencrypted groups/threads of classic email non-pgp contacts there is no API to recognize such chats and also put the "classic email" marker as for classic email contacts

[Hocuri]

Another day, another set of review comments

[link2xt]

There is a problem with 1:1 chat assignment. If there is no Autocrypt-Gossip on outgoing message, then to_id gets converted to email contact. If there is also a Chat-Verified header, receive_imf fails with an error like DeltaChat: [accId=1] src/imap.rs:1456: receive_imf error: Non-PGP contact Contact#10 cannot be verified.. and the message does not show up at all. So we should assign by References or In-Reply-To and 1:1 chat before converting to_ids.

[r10s]

/me accidentally added and removed a commit here to fix "golden test", i wanted to add that to #6938 only ...

[Hocuri]

I didn't do another full review, but I reviewed a few weeks ago and then reviewed all the individual added commits, so, can be merged from my side!