Conflicts:
- `spec/lib/sanitize/config_spec.rb`:
Upstream rewrote top-level `describe` calls to `RSpec.describe`, and
glitch-soc had differences in the first few tests because of the wider
subset of HTML it accepts.
Changed `describe` to `RSpec.describe` as upstream did, keeping
glitch-soc's tests.
Conflicts:
- `lib/sanitize_ext/sanitize_config.rb`:
Conflict because glitch-soc has a different list of allowed tags.
Added upstream's new allowed tags while keeping ours.
- `spec/requests/api/v1/timelines/public_spec.rb`:
Conflict because of glitch-soc's default settings.
Updated accordingly.
* Fix insufficient permission checking for public timeline endpoints
Note that this changes unauthenticated access failure code from 401 to 422
* Add more tests for public timelines
* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`