Delete expired SMS codes from database

[scy]

This is a follow-up to #122. The number_verification_requests table does not automatically remove entries with expired_at in the past. This could probably be done by a background task every hour or so.

However, we also wanted to have the feature “if someone repeatedly requests SMS but doesn’t enter the codes then, block this person”. This should probably also take already-expired requests into account.

Make sure to also have a look at the implementation in get_new_sms_auth_code to ensure it matches the design.

[scy]

Since 25a121e or bb34f9f, the blocking of logins handles expired and non-expired attempts pretty well. Deleting the expired codes is therefore now really just an optional housekeeping task.

[jbethune]

I'm thinking about adding an API endpoint to dearmep/api/v1.py. Maybe something like /maintenance/clean/{what} where what can be sms-codes. This removes all expired sms codes from the database. That endpoint can then be curled from a cronjob or any other timer. WDYT?

[scy]

Nah, we already have background jobs (see get_background_tasks in schedules/__init__.py), we don't need an endpoint for that.