allow untrusted certs to manage own pastes

Split authentication into two functions:
- get_client_fingerprint(): Identity for ownership (any cert)
- get_client_id(): Elevated privileges (trusted certs only)

Behavior:
- Anonymous: Create only, strict limits
- Untrusted cert: Create + delete/update/list own pastes, strict limits
- Trusted cert: All operations, relaxed limits (50MB, 5x rate)

Updated tests to reflect new behavior where revoked certs
can still manage their own pastes.
Username
2025-12-21 12:59:18 +01:00
parent 1f09f2686a
commit 098789ff89
3 changed files with 65 additions and 30 deletions

@@ -237,7 +237,7 @@ class TestSizeLimits:
assert response.status_code == 413
data = json.loads(response.data)
assert "error" in data
assert data["authenticated"] is False
assert data["trusted"] is False
def test_authenticated_larger_limit(self, app, client, auth_header):
"""Authenticated users have larger size limit."""