realy already blocks access to DMs when auth is enabled; you can't do that without auth
the auth allows you to identify that the caller has the nsec that gives them the right to see sensitive events that contain their npub either as author or tagged. there's a set of event kinds that apply here: encrypted direct message, 1059, 1060, and i forget the application specific data kind; i think it's a 30k range parameterised replaceable, maybe 30002 or something
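
The access rule described above, as an added example that is not part of the original post and is not realy's own code. Assumptions: kind 4 stands for the encrypted direct message (NIP-04), "tagged" means a `p` tag carrying the hex pubkey, and `Event`, `privilegedKinds` and `CanRead` are hypothetical names; the application-specific data kind is left out because the post does not settle its number.

```go
package main

import "fmt"

// Event is a minimal stand-in for a Nostr event (hypothetical type, not realy's).
type Event struct {
	Kind   int
	PubKey string     // author pubkey, hex
	Tags   [][]string // e.g. {"p", "<hex pubkey>"}
}

// privilegedKinds lists the sensitive kinds named in the post.
// Assumption: 4 is the NIP-04 encrypted direct message kind.
var privilegedKinds = map[int]bool{4: true, 1059: true, 1060: true}

// CanRead reports whether a client may receive ev. authedPubKey is the pubkey
// the client proved control of during relay auth, or "" if it did not authenticate.
func CanRead(ev Event, authedPubKey string) bool {
	if !privilegedKinds[ev.Kind] {
		return true // non-sensitive kinds are not gated by this rule
	}
	if authedPubKey == "" {
		return false // no auth, no identity: privileged kinds are never served
	}
	if ev.PubKey == authedPubKey {
		return true // caller is the author
	}
	for _, tag := range ev.Tags {
		// Assumption: "tagged" means a "p" tag with the caller's pubkey.
		if len(tag) >= 2 && tag[0] == "p" && tag[1] == authedPubKey {
			return true
		}
	}
	return false // authenticated, but not a party to this event
}

func main() {
	// Constructed sample pubkeys, shortened for readability.
	alice, bob, carol := "aa11", "bb22", "cc33"
	dm := Event{Kind: 4, PubKey: alice, Tags: [][]string{{"p", bob}}}
	for _, who := range []string{alice, bob, carol, ""} {
		fmt.Printf("authed=%q can read DM: %v\n", who, CanRead(dm, who))
	}
}
```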