Add option to keep evidence when suspending accounts

Fix #547

When selected, before the account's data is removed, some of it
is denormalized into a separate, symmetrically-encrypted table. In
particular:

- The e-mail
- All IPs used to access the account
- SHA256 fingerprints of all uploaded files
- URIs of accounts followed by or following the account
- URIs of accounts that were invited

app/services/suspend_account_service.rb

@@ -42,6 +42,7 @@ class SuspendAccountService < BaseService
   # @option [Boolean] :reserve_username Keep account record
   # @option [Boolean] :skip_side_effects Side effects are ActivityPub and streaming API payloads
   # @option [Time]    :suspended_at Only applicable when :reserve_username is true
+  # @option [Boolean] :summarize_account Create a secure summary of access, network and media data
   def call(account, **options)
     @account = account
     @options = { reserve_username: true, reserve_email: true }.merge(options)
@@ -52,6 +53,7 @@ class SuspendAccountService < BaseService
       @options[:skip_side_effects] = true
     end
 
+    summarize_account!
     reject_follows!
     purge_user!
     purge_profile!
@@ -60,6 +62,12 @@ class SuspendAccountService < BaseService
 
   private
 
+  def summarize_account!
+    return unless @account.local? && @options[:summarize_account]
+
+    SummarizeAccountService.new.call(@account)
+  end
+
   def reject_follows!
     return if @account.local? || !@account.activitypub?