This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

/_synapse/admin/v1/send_server_notice may send a notice to a user via a public room #8727

Closed
Half-Shot opened this issue Nov 6, 2020 · 0 comments · Fixed by #8728
Labels
z-bug (Deprecated Label)

Comments

@Half-Shot
Collaborator

Docs: https://github.com/matrix-org/synapse/blob/b2b86990705de8a099093ec141ad83e09f182034/docs/admin_api/server_notices.md

The server notice API can be used to send a user a message from the @server:example.com user, by specifying a user_id as part of the parameters. Synapse will find the first room it shares with the user and post the message. This is fine if the server notices user was only a member of DM rooms, but unfortunately this cannot be guaranteed, as it may be used to autocreate the auto_join rooms.

We should instead look for 1:1 rooms where the target and server notices user are the only participants.

Offending code:

    rooms = await self._store.get_rooms_for_local_user_where_membership_is(
        user_id, [Membership.INVITE, Membership.JOIN]
    )
    for room in rooms:
        # it's worth noting that there is an asymmetry here in that we
        # expect the user to be invited or joined, but the system user must
        # be joined. This is kinda deliberate, in that if somebody somehow
        # manages to invite the system user to a room, that doesn't make it
        # the server notices room.
        user_ids = await self._store.get_users_in_room(room.room_id)
        if self.server_notices_mxid in user_ids:
            # we found a room which our user shares with the system notice
            # user
            logger.info(
                "Using existing server notices room %s for user %s",
                room.room_id,
                user_id,
            )
            return room.room_id
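
The difference between the lookup reported above and the 1:1 lookup the issue proposes, as an added example (not Synapse code and not the change merged in #8728). `FakeStore`, the helper names and the room data are hypothetical and constructed for illustration.

```python
import asyncio

NOTICES_MXID = "@server:example.com"  # server notices user, as named in the issue

# Constructed sample data: room_id -> {user_id: membership}
ROOMS = {
    "!lobby:example.com": {  # public auto_join room created by the notices user
        NOTICES_MXID: "join", "@alice:example.com": "join", "@carol:example.com": "join",
    },
    "!notices-alice:example.com": {NOTICES_MXID: "join", "@alice:example.com": "invite"},
}


class FakeStore:
    """Hypothetical in-memory stand-in for the two store lookups in the snippet."""

    async def rooms_for_user(self, user_id, memberships):
        return [r for r, m in ROOMS.items() if m.get(user_id) in memberships]

    async def members(self, room_id):
        return dict(ROOMS[room_id])


async def first_shared_room(store, user_id):
    """Reported behaviour: the first room shared with the notices user wins."""
    for room_id in await store.rooms_for_user(user_id, ["invite", "join"]):
        if (await store.members(room_id)).get(NOTICES_MXID) == "join":
            return room_id
    return None


async def one_to_one_room(store, user_id):
    """Stricter lookup: notices user and target are the only participants."""
    for room_id in await store.rooms_for_user(user_id, ["invite", "join"]):
        members = await store.members(room_id)
        # Count invited users too: they would see the notice once they join.
        active = {u for u, m in members.items() if m in ("invite", "join")}
        if active == {NOTICES_MXID, user_id} and members[NOTICES_MXID] == "join":
            return room_id
    return None  # no private notices room yet; the caller would create one


def pick(lookup, user_id):
    """Run one of the lookups against the constructed data."""
    return asyncio.run(lookup(FakeStore(), user_id))
```

With this data the first lookup routes a notice for `@alice:example.com` into the shared lobby, while the stricter lookup returns her private notices room and returns `None` for a user who has no such room yet.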
