Garbage-collect maintainers from anything but the rolling release

[fricklerhandwerk]

Since #793 we're only adding/updating maintainers with evaluation data from the rolling release:

nix-security-tracker/src/shared/evaluation.py

Lines 330 to 345 in 79b746c

	# Anything but the rolling release must be considered stale.
	# Therefore we only add new rows if this is not a rolling release.
	start = time.time()
	NixMaintainer.objects.bulk_create(
	bulk_maintainers.values(),
	# This will ignore existing rows and won't return primary keys when `True`.
	# That's okay because we'll fetch the relevant objects aftwards unconditionally.
	ignore_conflicts=not self.rolling_release,
	update_conflicts=self.rolling_release,
	unique_fields=["github_id"],
	update_fields=["github", "email", "matrix", "name"],
	)
	db_maintainers = NixMaintainer.objects.in_bulk(
	bulk_maintainers.keys(),
	field_name="github_id",
	)

But but maintainers entirely removed in Nixpkgs will currently persist in our database, which may become a security consideration if we ever give maintainers elevated privileges (at the moment, at worst a past maintainer may get pinged by an old suggestion, but this is unlikely given CVEs aren't really looked at beyond some age). Right now, whether someone is a maintainer is decided by whether they have a database entry:

nix-security-tracker/src/shared/auth/utils.py

Lines 17 to 20 in 79b746c

	def ismaintainer(user: Any) -> bool:
	return NixMaintainer.objects.filter(
	github_id=user.socialaccount_set.get(provider="github").uid
	).exists()

This must be garbage collected to ensure it corresponds to what's in the rolling release.