feat(config): add event blacklist to block all events from specific authors

Adds NGIT_EVENT_BLACKLIST option for blocking all events from specific npubs,
taking precedence over all other validation to enable comprehensive moderation
without affecting curation policy.

Key features:
- Simple npub-only format: <npub>,<npub>,...
- Checked FIRST before any other validation (including repository blacklist)
- Blocks ALL event types (announcements, state events, PRs, comments, etc.)
- Events never reach relay storage or purgatory
- Specific rejection reason for operator debugging

Implementation:
- Add EventBlacklistConfig struct with check() method
- Add NGIT_EVENT_BLACKLIST config option and event_blacklist_config() method
- Add config field to PolicyContext for policy access
- Add check_event_blacklist() to Nip34WritePolicy
- Check event blacklist first in admit_event() method (before any other validation)
- 4 new unit tests covering all blacklist behavior

Configuration synced across all four sources:
- src/config.rs: Core implementation with EventBlacklistConfig
- .env.example: Comprehensive documentation with examples
- docs/reference/configuration.md: Complete reference documentation
- nix/module.nix: NixOS module option with environment mapping

README updates:
- Add comprehensive "Curation & Moderation" section
- Document repository whitelists (GRASP-01 and GRASP-05 modes)
- Document repository and event blacklists with precedence order
- Add configuration table for all curation/moderation settings
- Provide real-world examples for different relay configurations

Testing:
- 4 new tests for event blacklist functionality
- All 336 library tests passing
- All 64 integration tests passing
- All 38 filter support tests passing

Verification:
- Repository blacklist confirmed to apply to sync (uses same admit_event flow)
- Sync events validated through process_event_static -> write_policy.admit_event

Use cases:
- Block spam/abusive users completely
- Prevent malicious actors from submitting any events
- Temporary blocks for investigation
- Moderation without affecting whitelist curation policy

1 files changed, 24 insertions, 1 deletions

diff --git a/.env.example b/.env.example
index 993399a..fb954c0 100644
--- a/.env.example
+++ b/.env.example
@@ -254,4 +254,27 @@
 #   NGIT_REPOSITORY_BLACKLIST=npub1spam...
 #   NGIT_REPOSITORY_BLACKLIST=npub1alice.../bad-repo
 #   NGIT_REPOSITORY_BLACKLIST=malware-repo,spam-repo
-# NGIT_REPOSITORY_BLACKLIST=
\ No newline at end of file
+# NGIT_REPOSITORY_BLACKLIST=
+
+# ============================================================================
+# EVENT BLACKLIST
+# ============================================================================
+
+# Blacklist events from specific authors (npubs)
+# Comma-separated list of npubs whose events are rejected
+# ALL events from these authors are blocked from both relay storage and purgatory
+#
+# Event blacklist takes precedence over ALL other validation:
+#   - Blacklisted events are rejected before any other policy checks
+#   - Applies to announcements, state events, PRs, and all other event types
+#   - Events never reach purgatory (rejected immediately)
+#
+# Rejection reason:
+#   - "Event author <npub> is blacklisted"
+#
+# CLI: --event-blacklist <list>
+# Default: (empty - no events are blacklisted by author)
+# Examples:
+#   NGIT_EVENT_BLACKLIST=npub1spam...
+#   NGIT_EVENT_BLACKLIST=npub1spam...,npub1abuser...
+# NGIT_EVENT_BLACKLIST=
\ No newline at end of file