Related to T2367

Notably upgrade jQuery to 3.5 and use recommended dompurify option.

Split the test_origin_request_errors pita test into multiple smaller ones,
use hypothesis and remove some no more needed mocks.

Related to T2360

A new major version of MathJax typesetter has been recently released which
now enables to properly bundle the library with webpack.

So remove previous CDN use to get MathJax and use a self hosted version from
now on.

Closes T1680

- reformat the whole swh-web Python codebase using black tool

- add pre-commit hook to run black on all changed files

- update flake8 configuration to match black code style

- remove a lot of useless '# noqa' comments after new formatting

- add black processing in tox

Django 2.2 is now the version used in production so let's gain some tests
execution time by removing the django 1.11 build when using tox.

When an access token has expired, try to perform a silent OIDC session
refresh through the use of a Django middleware.

Closes T2267

Related to T2342

Related to T2342

Related to T2342

When browsing a release targetting a revision, also add a link to associated
directory view.

Since version 5.6, hypothesis warns on `@given` + function-scoped fixtures.
So turns concerned swh-web fixtures from function-scoped to session-scoped
(there is strictly no difference in tests execution result after that change)
and ignore some warnings related to external function-scoped fixtures that
are safe to use with @given (client from pytest-django and mocker from
pytest-mock).

When a snapshot contains a branch or a release alias, the display of pagination
links in the branches / releases view could be missing due to an invalid test
in the branches/releases view implementation.

Set sidebar state (collapsed / expanded) once css animation has finished
in order to make associated cypress test reliable.

Also set "enableRemember" option from adminlte PushMenu and remove custom
code that was doing the same operation as it is not needed anymore
(see https://adminlte.io/docs/3.0/javascript/push-menu.html).

Closes T2341

There's a python file with invalid syntax in there, which confuses it

No need to query the userinfo endpoint of the OIDC server when authenticating
as those information can also be found in the decoded access token.

Use more reliable access token expiration date.

Check groups claim is provided in decoded token before trying to read it.

Previously URL of type https://forge.example.org/user/project/sub-project/ were
not validated by the isGitRepoUrl function.

Closes T2331

No need to substract 1 from computed TTLs as it can lead to cache userinfo
with a 0 seconds TTL when access token is about to expire and thus send
multiple userinfo requests to the OIDC server on successive calls to the
Web API.

When a user is identified as staff, he/she should not be rate limited
when querying the Web API.

Related to T1927

Throttling requests is related to Django REST Framework and is only used in
the api part of swh-web. So move associated module from common submodule
to api one for consistency.

This backend for Django REST Framework enables to authenticate users through the
use of bearer tokens (provided by Keycloak) sent in HTTP request headers.

Closes T2249

Add Django plumbing in swh-web to use OpenID Connect authentication layer.

It enables to securely authenticate users stored in a remote identity
and access management server implementing OpenID Connect specifications.
For the swh-web case, the open source solution Keycloak will be used.

New Django views are also introduced in order for users to login/logout
from the main HTML interface.

A custom Django User model is also used for remote users in order to
store OpenID Connect related data and avoid to save users to Django
database (those sensitive information are already securely stored in
Keycloak so there is no need to duplicate them).

Closes T2245
Closes T2246
Closes T2295