Currently the HTTP handlers are attached to an API mux which is created inside
Setup(). In the future, we'll want to split this out so a single mux can have
both sync and clientapi handlers attached to it.
This involves:
- Parsing the HTTP request
- Requesting auth events from the roomserver via the Query API
- Building the event
- Doing auth checks on the event
- Sending it to the roomserver input log
Previously, the error responses:
- were not valid matrix errors (no `errcode`)
- returned the `err.Error()` message which may contain sensitive information.
- did not get logged (at all, let alone set the level correctly).
Now the error responses:
- return valid matrix errors (`M_UNKNOWN`)
- return a generic "Internal Server Error" string
- get logged at `ERROR` level.
Terse function names are used to make usage not stutter. For example:
```go
err := error.Forbidden("you shall not pass")
```
At the moment they are all the same fundamental `MatrixError` type. This will
be bad if we ever want to `switch` based on the kind of error. I'm hoping we
won't ever need to introspect into errors like this: ideally these errors would
be created purely for immediately being returned in an HTTP response.
`MatrixError` implements the `error` interface.