Fix info leak of removed & deleted via post embeds.

Embedded local posts (posts which link to posts on the same site)
embed the linked post using submission_listing.html via
helpers/jinja2:post_embed. This suffered from much the same issue
recently fixed in submission.html through the addition of
`v_forbid_deleted` in the template before outputting privileged
information. A similar fix has been applied to submission_listing.

Unfortunately, this is not the most elegant fix. Surely this would be
better resolved more centrally in the submission model. However, I am
not clear at present about the precise interaction between deletion,
removal, and realbody & realurl in all of the different places they
are used. This commit fixes the problem, but it also highlights a
potential future refactoring target.
master
Snakes 2022-06-21 02:38:18 -04:00
parent f7a59f4672
commit 5609a96e05
1 changed files with 5 additions and 1 deletions

@ -65,6 +65,8 @@
{% set voted=-2 %}
{% endif %}
{% set v_forbid_deleted = (p.deleted_utc != 0 or p.is_banned) and not (v and v.admin_level >= 2) and not (v and v.id == p.author_id) %}
{% if p.active_flags(v) %}
<div id="flaggers-{{p.id}}" class="flaggers d-none">
<strong><i class="far fa-fw fa-flag"></i> Reported by:</strong>
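Review bot: the `v_forbid_deleted` expression set here is a second inline copy of the visibility rule that the commit message says already exists in submission.html, so the two templates can drift apart the next time the rule changes. Consider moving it to a single place both templates share (a Jinja macro or a method on the post model) and replacing the literal `2` in `v.admin_level >= 2` with a named constant. The name also undersells the check: it covers `p.is_banned` (removed) as well as `p.deleted_utc != 0`.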
@ -112,6 +114,7 @@
<div class="card-header bg-transparent border-0 d-flex flex-row flex-nowrap pl-2 pl-md-0 p-0 mr-md-2">
{% if not v_forbid_deleted %}
<div style="z-index: 3;">
{% if p.club and not (v and (v.paid_dues or v.id == p.author_id)) %}
<img alt="post thumnail" loading="lazy" src="/e/marseyglow.webp" class="post-img">
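Review bot: the `{% if not v_forbid_deleted %}` opened inside the card-header gates only the thumbnail block, and the only other use of the flag in this patch is the body condition in the last hunk. The commit message names `realurl` alongside `realbody`, but no visible hunk touches a `realurl` call, so please confirm that every place this listing template prints the link target, domain or title is either inside one of these guards or is meant to stay visible for removed and deleted posts.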
@ -135,6 +138,7 @@
</a>
{% endif %}
</div>
{% endif %}
</div>
@ -337,7 +341,7 @@
</div>
{% if not p.club or v and (v.paid_dues or v.id == p.author_id) %}
{% if (not p.club or v and (v.paid_dues or v.id == p.author_id)) and not v_forbid_deleted %}
{% if p.realbody(v) %}
<div class="d-none card rounded border pt-3 pb-2 my-2 {% if p.author.agendaposter %}agendaposter{% endif %}" id="post-text-{{p.id}}">
{{p.realbody(v) | safe}}
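Review bot: the new condition on the `p.realbody(v)` block is the only thing keeping a removed or deleted body out of the embed, and the commit changes one template file with no test. A regression test that renders an embed of a deleted post and of a banned post as a logged-out viewer, an unrelated user, the author, and a user with `admin_level >= 2` would pin the rule down before the refactor the commit message anticipates. Since `p.realbody(v)` is still callable with the same result from any other template, putting the check inside `realbody` itself would close the remaining paths, as the message suggests.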