support protecting specific CIDRs from wide k-lines

[jesopo]

some IPv6 /64s have a lot of users in them. might be nice to have a way to say "only allow minimum <prefixlen> k-lines in this CIDR"

[Half-Shot]

Registering my full support for something like this, when a matrix bridge gets a kline across the whole range, it basically evicts all the matrix users from all the rooms which is not fun.

[jesopo]

alternative solution could be to never accept a k-line that will kill more than n number of users, but you can't accurately calculate how many users a given k-line will kill without asking all remote servers

[codeurimpulsif]

Maybe a kind of protect_list of IP range to protect from K-lines can also be a good solution, because for example a lot of ISP provide /64 IPv6 range to each user, so disable k-line possibilities for a /64 can disable the possibility to ban a single user?

[jesopo]

we'd also want this to somehow cover wildcards

[jesopo]

a better way to do this would be marking an iline as immune to wildcard/cidr k-lines