feat: improve anonymity by not storing ids in db anymore#182

Draft
drendog wants to merge 10 commits into UNICT-DMI:main from drendog:feature/strengthen-anonymity

Conversation

drendog (Contributor) commented Feb 8, 2026

Prerequisites

  • I have read and understood the contributing guide.
  • The commit message follows the conventional commits guidelines.
  • Tested the changes locally with a real Telegram bot.
  • Introduced tests for the changes have been added (for bug fixes / features).
  • Docs have been added/updated (for bug fixes / features).
  • I have updated the CHANGELOG.md file with an overview of the changes made.

Description

Reworks how the bot handles user ids during the pending post lifecycle, applying an encrypted in-memory approach to minimize the exposure of user ids at every layer.
User/chat ids are no longer written to disk in plaintext at all (currently they are encrypted only in the backups); pending posts are held in an ephemeral in-memory encrypted split map that exists only for the lifetime of the process.

(If applicable) Issue closed by this PR

Does this PR introduce a breaking change?

  • Yes
  • No

(If yes) What are the changes that might break existing applications?

  • Pending posts table removal
  • Graceful shutdown, which stops accepting new posts, asks the admin to make a decision on pending posts within a configurable timeout, and cleans up pending posts. It is needed because ids will not persist after a reboot/update.

Python version you are using

3.14.2

Other information

Remember to set stop_grace_period in the compose file to the same value as drain_timeout in settings.yaml or more, to avoid killing the bot before it cleans up the pending posts.

WIP: another PR based on this, to add a salt on the approval/reject buttons in a way that splits knowledge about the encryption.

WIP: another PR based on this, about a new post sending flow without storing the chat id anywhere, without compromising the user experience too badly, but still keeping the old one.

key = self._key
PendingPost._store[key] = self
PendingPost._key_to_user[key] = PendingPost._encrypt_user_id(user_id)
PendingPost._user_to_key[PendingPost._hash_user_id(user_id)] = key
Member (review comment):

so you want to keep the pending post in memory? What about if the bot crashes?
And if we restart the docker container for an update?

Is there a persistent cache/storage for it?

Helias (Member) commented Feb 8, 2026

merge conflict

@drendog drendog marked this pull request as draft February 8, 2026 13:04