Throttle replaces max_unknown_ip, reject is like before
(including the charybdis-specific unkline handling).
Both of these now apply before SSL negotiation.
This commit does not include the global_cidr and new dline code.
m_webirc is a bit nasty with throttling (unlike before
with max_unknown_ip), this may be fixed later (or
the webirc IP needs to be exempt{}ed).
When a user is rejected, remember the hash value of the
ban mask (for klines/glines, hash value of the user part
XOR hash value of the host part) with the rejected IP;
if the kline/gline/xline is removed, remove rejects with
the same hash value also. Note that this does not happen
for expiries; this is deliberate.
Rejects for no auth{} or dnsbl put a hash value of 0;
they cannot be removed selectively.
