security: IR-based generic object containment
It is more efficient to check for object containment violations at the IR level instead of in the protocol handlers. OStatus containment is especially a tricky situation, as the containment rules don't match those of IR and ActivityPub.
Accordingly, we just always do a final containment check at the IR level before the object is added to the IR object graph.
We also fix a couple of tests which now fail due to object containment violations.