features
  NIP-42 AUTH
  archival mode (no deleting of events)
  asynchronous plugins (multiple in flight at once)
  slow-websocket connection detection and back-pressure
  in sync/stream, log bytes up/down and compression ratios
  ? NIP-45 COUNT
  ? less verbose default logging
  ? kill plugin if it times out

rate limits (maybe not needed now that we have plugins?)
  event writes per second per ip
  max connections per ip (nginx?)
  max bandwidth up/down (nginx?)
  log IP address in sendNoticeError and elsewhere where it makes sense
  ? events that contain IP/pubkey/etc block-lists in their contents
  ? limit on total number of events from a DBScan, not just per filter
  ? time limit on DBScan

misc
  ? periodic reaping of disconnected sockets (maybe autoping is doing this already)
  ? warn when run as root