cben/mathdown

Lock down or delete document

cben opened this issue · 0 comments

cben commented

The current Firebase security rules make document history append-only. This means that once a document's URL gets out, its full history is forever accessible to the world.

  • What's worse, deleting text in the editor seems to do the job. There is no hint yet in the UI that older versions are there — but recovering older text is not really hard.

This is not defensible. Users universally expect the ability to delete forever content they created (and sometimes sue for this).

But there is a tradeoff with vandalism. Allowing anyone who saw your work to delete it entirely is also bad. I'm not sure I want to support this until I have logged-in users who "own" a document.

A related alternative (closely related to #91) is retaining the document but locking down access — even read access — to require a longer secret URL.