Federation Security: Authorisation

Related: #236

As a trusted sender, I can send URLids belonging to other servers (including the recipient), saying for example "hey Paris! This user from Nantes left your circle", when they did not