[testers-wanted] Add embedded IRC server (ircd)

[mevanlc]

• Introduces a lightweight pure-rust IRC server (ircd) that exposes late-sh's internal chat as an IRC-client-compatible surface
• The IRC server logic was written from scratch, custom for the late-sh repo
  • Reusing an irc daemon crate would have made the PR smaller by LOCs but not smaller by complexity (and not higher quality, IMO)
• Feature is off-by-default unless enabled
• Dev recipes (e.g. make start) enable plaintext IRC by default -- see Makefile and .env for IRC related vars
• TLS is supported for encrypted connections (recommend TLS-only [no plaintext] in prod
  • The TLS certificate is not auto-setup so that is some up-front config required to get TLS going
  • Some IRC clients do chain-of-trust / domain-validation (like browsers w/ https), but most let you easily bypass these checks for self-certs
• Connecting to the late-sh ircd requires a password -- all major modern irc clients support configuring a connection password
  • Users start with no IRC password and thus their account cannot connect to IRC
  • Users desiring an IRC password can create a randomly allocated strong password in the late-ssh TUI under Settings->Account tab. The user can delete their password (thus disabling IRC for their account). The user can also regenerate a new password. Currently a user can have only 1 password at a time.
• User's IRC nickname is locked to their late-ssh TUI username and cannot be changed via IRC
• Most user-management moderation features map to IRC. Most notably: room kick, room ban, server kick, server ban
• Private channels are limited to members only
• Public channels can be /listed and joined

[mpiorowski]

OHHH, thats interesting!

[gitguardian]

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

Since your pull request originates from a forked repository, GitGuardian is not able to associate the secrets uncovered with secret incidents on your GitGuardian dashboard.
Skipping this check run and merging your pull request will create secret incidents on your GitGuardian dashboard.

🔎 Detected hardcoded secret in your pull request

GitGuardian id	GitGuardian status	Secret	Commit	Filename
15149220	Triggered	Generic Password	6a921f9	Makefile	View secret

🛠 Guidelines to remediate hardcoded secrets

1. Understand the implications of revoking this secret by investigating where it is used in your code.
2. Replace and store your secret safely. Learn here the best practices.
3. Revoke and rotate this secret.
4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

• following these best practices for managing and storing secrets including API keys and other credentials
• install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.

---

^{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}