Approval System for Submissions

[ScriptRaccoon]

Background

The suggestion form introduced in #49 has already been used several times and has worked well so far. Up to this point, it has only been used by people with good intentions. However, since this is the internet, I expect that this will change at some point.

To reduce the risk of abuse, several security measures were already implemented (rate limiting, IP bans, profanity filtering). However, nothing currently prevents a malicious user from submitting nonsensical content that would immediately appear as a GitHub issue.

Approval System

To solve this, this PR introduces an approval system integrated into the admin page (implemented in #108). It works as follows:

1. When the suggestion form is submitted on a CatDat page, a new entry is created in the submissions table. This is a new table in the catdat-visits database (which should be renamed at some point), separate from the main database containing categorical data.
2. The user is informed that their submission requires approval before publication.

3. The maintainer (currently me) is notified by email about the new submission.
4. The email contains a link to /admin/submissions. This is a new page where suggestion form submissions are listed and can be reviewed.
5. Once a submission has been approved, a GitHub issue containing its content is created.
6. Submissions can be ignored or deleted when they are malicious, when they are duplicates, or when they are simply not relevant.

How It Looks

This is how a submission looks like before approval on the admin page.

After approval, it looks like this:

This then creates the GitHub issue #110.

Thoughts

1. It would be much simpler if users created GitHub issues directly (authentication, ownership, transparency, etc.). However, the suggestion form appears to attract more contributions. For that reason, it is important to keep this option while making it secure.
2. For the problem being solved here, my approach seems to be overkill. However, I could not find a simpler solution. And ...
3. As Dmitri Pavlov suggested on zulip, it would be better to support submissions of structured data (like adding a proof, a category, etc.). Currently, the suggestion form only accepts free-form text. The system introduced in this PR could be a step in that direction.