mod_spam_reporting: Refactor to deduplicate code Same event firing code regardless of protocol now.

mod_spam_reporting: Rename variable avoid name clash with global function

mod_spam_reporting: Make 'reason' text an optional value Enables downstream modules that watch these events to distinguish between no reason given and reason being a literal "no reason given".

mod_watch_spam_reports: Prepare for changing 'reason' to an optional value

mod_spam_reporting: Handle unknown or future report types An unrecognised value in the 'reason' attribute would have caused an error. This change makes it mirror the behavior for the previous XEP version.

mod_tos: Initial draft

mod_http_upload: Prevent the module from starting without TLS

mod_http_upload: Don’t send http: URIs to clients, this is forbidden by the XEP

mod_http_muc_kick: Missing local keyword

mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8 The `body:sub()` call risks splitting the string in the middle of a multi-byte UTF-8 sequence. This should have been caught by util.stanza validation, but that would have caused some havoc, at the very least causing the notification to not be sent. There have been no reports of this happening. Likely because this module isn't widely deployed among users with languages that use many longer UTF-8 sequences. The util.encodings.utf8.valid() function is O(n) where only the last sequence really needs to be checked, but it's in C and expected to be fast.