- addThumb and deleteThumb are now protected routes (duh)
- new getThumbs route GET /api/v3/topics/<tid>/thumbs
- Updated `assert.path` middleware to better handle if relative paths are received with upload_url
- Slight refactor of thumbs lib to use validator to differentiate between tid and UUID
* fix: add back topic assert middleware for pin route
* feat: server-side handling of pin expiries
* refactor: togglePin to not require uid parameter [breaking]
* feat: automatic unpinning if pin has expiration set
* feat: client-side modal for setting pin expiration
* refactor: categories.getPinnedTids to accept multiple cids
... in preparation for pin expiry logic, direct access to *:pinned zsets is discouraged
* fix: remove references to since-removed jobs file for topics
* feat: expire pins when getPinnedTids is called
* refactor: make the togglePin change non-breaking
The 'action:topic.pin' hook now sends uid again, as before. However, if it is a system action (that is, a pin that expired), 'system' will be sent in instead of a valid uid
