Experimental support for checking space membership when a remote user joins a restricted room

[clokep]

Follow-on to #9712, analogous to #9714, but for the /make_join / /send_join endpoints for MSC3083.

• Figure out where to hook into the make-join / send-join flow.
• Check the space membership based on the allow parameter of the join_rules.
• Reject if the server is not a member of the space. (The MSC talks a bit about peeking in this case, but this is being left unimplemented for now.)

Hopefully this can re-use much of the code from #9714, but will hook into it in a different spot.

[clokep]

A couple of notes: the code for this is in the FederationHandler, see the on_make_join_request and on_send_join_request methods. It isn't clear to me whether we want to do it in one of those or both of those. We probably want to do it as early as possible, so probably in /make_join, but we might need to do it again in /send_join if any of the data that comes back is untrusted (but I assume the whole point of the /make_join / /send_join workflow is that you can't forge that data between them...)

Another thought is that we might want to check in both in-case the membership changed in the space between the /make_join and /send_join calls.