SECURITY: Don't send suppressed recent changes to RCFeeds

CVE-2025-61643

Why:
* Some RecentChange objects being processed by
  RecentChangeRCFeedNotifier::notifyRCFeeds can be already
  deleted / suppressed
** This can happen for log entries which are deleted or suppressed
   when they are created such as described by T280413
* RecentChanges feeds are often not equipped to handle appropriate
  redaction of deleted or suppressed recent change entries
** Therefore, sending them suppressed recentchanges entries will
   likely publicly expose the suppressed information
* As a short-term fix we can stop sending any defined RCFeed
  instances RecentChange objects which are suppressed
** We may want to consider making RCFeeds capable of suppressing
   information before publishing the data, but that would need a
   more considered approach.

What:
* Update RecentChangeRCFeedNotifier::notifyRCFeeds to return early
  if the rc_deleted attribute on the provided RecentChange object
  isn't zero (0 means not deleted).
* Add a PHPUnit test to check for this

Bug: T403757
Change-Id: Ic5e553bab8e82e7faee323a46ed6704043c5163b
Dreamy Jazz 2025-09-04 18:22:47 +01:00 committed by Reedy
parent 71ebf1a1cf
commit f7c717b09a

@ -577,6 +577,12 @@ class RecentChange implements Taggable {
* @param array|null $feeds Optional feeds to send to, defaults to $wgRCFeeds
*/
public function notifyRCFeeds( ?array $feeds = null ) {
// T403757: Don't send 'suppressed from creation' recent changes entries to the RCFeeds as they do not
// have systems to appropriately redact suppressed / deleted material
if ( $this->mAttribs['rc_deleted'] != 0 ) {
return;
}
$feeds ??=
MediaWikiServices::getInstance()->getMainConfig()->get( MainConfigNames::RCFeeds );
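
Review bot: the new guard `if ( $this->mAttribs['rc_deleted'] != 0 )` reads the attribute directly with a loose comparison, so a RecentChange object whose `rc_deleted` key was never populated evaluates as `null != 0`, which is false, and the entry still goes out to every feed (it also raises an undefined-key warning). For a suppression check it is safer to fail closed or at least make the default explicit, for example by reading the value with `?? 0`, casting to int, and comparing with `!==`, and to have the PHPUnit test mentioned in the commit message cover the unset case. Two smaller points: the inline comment speaks only of 'suppressed from creation' entries while the condition drops any entry with a non-zero `rc_deleted`, so the comment should say that; and the docblock above `notifyRCFeeds` should mention that the method now returns without notifying for deleted or suppressed entries.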