don't store more remote device lists if they have more than 1K devices

[richvdh]

Backport of #4396 to develop.

If the remote server has more than ~1000 devices for this user we assume that something is going horribly wrong (e.g. a bot that logs in and creates a new device every time it tries to send a message). Maintaining lots of devices per user in the cache can cause serious performance issues as if this request takes more than 60s to complete, internal replication from the inbound federation worker to the synapse master may time out causing the inbound federation to fail and causing the remote server to retry, causing a DoS. So in this scenario we give up on storing the total list of devices and only handle the delta instead.

[codecov-io]

Codecov Report

Merging #4397 into develop will decrease coverage by <.01%.
The diff coverage is 0%.

@@             Coverage Diff             @@
##           develop    #4397      +/-   ##
===========================================
- Coverage    73.65%   73.65%   -0.01%     
===========================================
  Files          300      300              
  Lines        29815    29818       +3     
  Branches      4897     4898       +1     
===========================================
+ Hits         21960    21961       +1     
  Misses        6414     6414              
- Partials      1441     1443       +2

Impacted Files	Coverage Δ
synapse/handlers/device.py	79.68% <0%> (-0.97%)	⬇️
synapse/handlers/search.py	80.24% <0%> (ø)	⬆️
synapse/handlers/federation.py	61.72% <0%> (ø)	⬆️
synapse/handlers/user_directory.py	71.38% <0%> (+0.3%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update aa955f2...3b31303. Read the comment docs.

[erikjohnston]

LGTM, though we should also probably do something so that synapse won't get to the stage of having so many devices for a user, somehow.