There are two steps to rebuilding the user directory:

1. a scan over rooms, followed by
2. a scan over local users.

The former reads avatars and displaynames from the `room_memberships`
table and therefore contains potentially private avatars and
displaynames. The latter reads from the the `profiles` table which only
contains public data; moreover it will overwrite any private profiles
that the rooms scan may have written to the user directory. This means
that the rebuild could leak private user while the rebuild was in
progress, but would eventually cover up the leaks once the rebuild
completed.

This change skips over local users when writing user_directory rows
when scanning rooms. Doing so means that it'll take longer for a rebuild
to make local users searchable, which is unfortunate. I think a future
PR can improve this by swapping the order of the two steps above. (And
indeed there's more to do here, e.g. copying from `profiles` without
going via Python.)

This was meant to be pulled into `purge_and_rebuild_user_dir`

No functional change; it's still before the first read of `is_public`.

Slightly nicer and makes the code simpler.

… is empty

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>

Rich did ask me to, I just didn't listen