Implement a mechanism for resyncing One-Time Keys between clients and servers

[richvdh]

Various things can cause servers to end up holding the public parts of one-time keys that clients have since forgotten the private parts of. For example:

• Lost OTK, leading to "OneTime key already exists" error and later UTDs matrix-org/matrix-rust-sdk#1415
• Rolling a homeserver's database back via backup could cause duplicate OTKs and hence UISIs #2155
• Clients may throw away one-time keys which are still published on the server, or have messages in flight #2356
• One-time-key upload/claim is racy matrix-org/matrix-spec#1124

It is proposed that we could implement a mechanism to detect such desyncronisation, and fix it.

matrix-org/matrix-spec-proposals#4162 proposes a mechanism for this.

There has been significant discussion at #2406.

[richvdh]

I am not hugely in favour of this, as I believe it risks masking the underlying bugs. However, there might be merit in making it a configurable option which is only enabled on certain deployments.