Disable web notifications for login-success

Per Niharika's comment at T220762#5105917, "we don't want an attacker
to learn that we detected an unusual login and cause them to change
the account password or such".

This was already set in WMF's config for LoginNotify; this moves it into
the extension itself, where it belongs.

Bug: T220780
Change-Id: I5adc5a52f10f2f37ae64ff0400c8d77b35d36aa1

includes/Hooks.php

@@ -27,7 +27,7 @@ class Hooks {
 		array &$notificationCategories,
 		array &$icons
 	) {
-		global $wgLoginNotifyEnableOnSuccess;
+		global $wgLoginNotifyEnableOnSuccess, $wgNotifyTypeAvailabilityByCategory;
 
 		$icons['LoginNotify-user-avatar'] = [
 			'path' => 'LoginNotify/UserAvatar.svg'
@@ -77,6 +77,10 @@ class Hooks {
 			$notifications['login-success'] = [
 				'category' => 'login-success',
 			] + $loginBase;
+			$wgNotifyTypeAvailabilityByCategory['login-success'] = [
+				'web' => false,
+				'email' => true,
+			];
 		}
 
 		return true;