Add a config option to block local users from enabling encryption in a room

[Twi1ightSparkle]

Description:

There are use cases where you do not want encryption enabled in any of your rooms. You can sort-of achieve this today using your well-known files, however this is more of a suggestion to clients and may not always be reliable for example if the file is temporarily unavailable or the client fails to read it for any reason.

Therefore, Synapse should have an option to block all local users from setting the encryption state events in any room. I suggest a new Synapse configuration option that is of course disabled by default. Alternatively, add a new option, (block or never for example) on encryption_enabled_by_default_for_room_type.

For completeness, this block policy should apply both on room creation and for enabling encryption in the room later.

It should however probably not block users from joining existing local or federated encrypted rooms.