Add "internal_anon" path for internal auth tokens

This allows us to use internal auth without actually impersonating a
specific account. This is only used for the account registration
endpoint on meta.sr.ht, which needs to work prior to the user having a
record in the database.

Anonymous authentication will be implemented separately.
scss: add nav-text styles
srht.graphql: add missing import
GraphQL: add X-Forwarded-For
graphql: export GraphQLError

I have really bunged this one up.
graphql: add GraphQLError
fix "disgusting hack" in the case of buildsrht
Add aria-hidden="true" to icons

The vast majority of icon usage is decorative, such as arrows at the end
of link buttons. For the cases where it's not, I'm sending follow-up
patches to the specific services which add appropriate aria-label to
the parent element.
Improve error handling for GraphQL
graphql client: add validation integration
setup.py: add graphql module
graphql: expand support code
webhooks: add exception handler

Without this, any database errors could land us in an invalid
transaction, and we'd never hear about it.
.builds/alpine.yml: upgrade to 3.14
Add custom 401 Unauthorized page
profile: Fixed markdown bio images from overflowing.
Don't use flexbox for markdown headers

This causes a lot of problems. Just let the browser do the headings and
we'll reposition our anchor links manually.
srht.FlagType: set cache_ok

Squelches a new warning from SQLAlchemy.
srht.search: fixes for sqlalchemy 1.4

See https://groups.google.com/g/sqlalchemy/c/opm2FVNKTTI/m/dVBGlD8FBAAJ