Hide future notes from timeline

[tyiu]

Summary

The created_at timestamp can be any value in the future as it can not be verified to be correct / the actual time the author posted. If someone does this, this note gets pinned at the top of the timeline in perpetuity until the system clock surpasses that timestamp and other notes get pulled in. This could be considered a malicious attack (or other users have a clock skew problem).

This change defensively filters out future notes from the timeline until the system clock has actually surpassed the created_at timestamp.

Closes: #2949
Related: damus-io/notepush#17

Checklist

• I have read (or I am familiar with) the Contribution Guidelines
• I have tested the changes in this PR
• I have opened or referred to an existing github issue related to this change.
• My PR is either small, or I have split it into smaller logical commits that are easier to review
• I have added the signoff line to all my commits. See Signing off your work
• I have added appropriate changelog entries for the changes in this PR. See Adding changelog entries
• I have added appropriate Closes: or Fixes: tags in the commit messages wherever applicable, or made sure those are not needed. See Submitting patches

Test report

Device: iPhone 16 Pro Simulator

iOS: 18.4

Damus: 2f875ab

Setup: Settings > General > Date & Time > Toggle off Set Automatically > Set current time to 2 or more minutes into the future (or whatever amount of time you need to run through the test steps)

Steps:

1. Build and run Damus on the master branch.
2. Follow the setup steps above to change the system clock.
3. Switch to Damus and post a note.
4. Reverse the setup steps to change the system clock back to be set automatically.
5. Switch to Damus and observe that the note is pinned at the top of the timeline (home, profile, etc)
6. Observe that the note is pinned at the top of the timeline.
7. Tap on the note to verify that the timestamp is indeed the future.
8. Checkout the HEAD of this branch, and build and run Damus.
9. Observe that the note from (3) is no longer shown on the timeline.
10. Wait until the system clock naturally passes that timestamp.
11. When a new note comes in or if you refresh the timeline (by switching away and coming back), the note from (3) will appear.

Results:

• PASS

[alltheseas]

Thank you Terry

[tyiu]

I may need to do some more work to

1. Also filter future notes from notifications, and
2. Add some margin for error (perhaps up to 1 second or so) in the timestamp in case there's a natural clock skew between the sending client and the receiving client. ChatGPT says expect "<10 ms" for NTP synced devices.

[tyiu]

• Wait until Add notification setting to hide hellthreads #2946 is merged as it is more important and resolve merge conflicts afterward

[danieldaquino]

Done!

[tyiu]

I may need to do some more work to

1. Also filter future notes from notifications, and

2. Add some margin for error (perhaps up to 1 second or so) in the timestamp in case there's a natural clock skew between the sending client and the receiving client. ChatGPT says expect "<10 ms" for NTP synced devices.

This is done.

[tyiu]

This PR is ready for review. Also please see the corresponding notepush PR.

Do not merge until #2946 is merged as it is more important and due to merge conflicts.

[danieldaquino]

LGTM! Thank you @tyiu!

[danieldaquino]

Waiting on #2946 to be merged in order to merge this PR, as per @tyiu's request

[danieldaquino]

Thanks @tyiu! Resolved conflicts and merged!