Disallow randos to spam room directory by default

[matrixbot]

This issue has been migrated from #15722.

---

Someone has published a bunch of political spam to our room directory and we discovered that this is allowed by default. I suggest to disable it by default.

Looks like the "allow anyone to publish to room directory" behavior comes from here: https://github.com/matrix-org/synapse/blob/ca8906be2cb821a0fb49ad1adf8440e79e64a398/synapse/config/room_directory.py

Config documentation for alias_creation_rules and room_list_publication_rules says:

If no rules match the request is denied. An empty list means no one can create aliases.

This is good, but the above rule is ignored if alias_creation_rules and room_list_publication_rules are missing from Synapse config.

Moderating the room directory admits it is an abuse vector:

Each Matrix server maintains a publicly viewable directory of rooms. By default, any user can publish rooms to the directory, which can be an abuse vector.

By default, any user can create room aliases, which can be an abuse vector - particularly given the risk of alias squatting, or creating publishing abusive aliases to point at existing rooms.

So how about disable it by default before any abuse happens? Thanks.