Implement safety policy for relay connection #83
Description
During the key handshake process the app tells the service which relays it prefers, and currently the service connects to all of them.
This is trivially exploitable, we should implement some policies like only connecting to up to n relays from the same user, and also as the number of relays increases it gets very inefficient to broadcast every event to every relay, so then we should also start taking that into account and only send events for a certain user on the relays we were told are preferred.
We should also probably introduce other messages to negotiate relays or something like that. Ideally the app should have full freedom to pick and the service will have to adapt (we assume services have more resources anyway), but it needs to be done in a safe way.