Avatar backends may need to send identifying information, such as an

e-mail address or a hash of an e-mail address, to another service. For

applications complying with the GDPR, this may require gathering consent

from users.
This change introduces a new attribute on the backend,

consent_requirement_id, which specifies the ID of a consent

requirement that must be granted before the backend can be used to

render an avatar. This is only enforced if the new

AvatarServiceRegistry.ENABLE_CONSENT_CHECKS is set in siteconfig. Any

backends requiring consent that haven't been granted consent will be

skipped when rendering avatars.
The Gravatar backend has been updated accordingly to enable consent

checks.

Unit tests passed.
Tested using the Gravatar backend (set as default on the server and on my

user), with consent not set, denied, and granted. In all but the granted

state, avatars did not appear for my user anywhere. In the granted state,

they did. I was able to toggle this and change it at any time.