When an access token has expired, try to perform a silent OIDC session
refresh through the use of a Django middleware.

Closes T2267

Related to T2342

Related to T2342

Related to T2342

When browsing a release targetting a revision, also add a link to associated
directory view.

Since version 5.6, hypothesis warns on `@given` + function-scoped fixtures.
So turns concerned swh-web fixtures from function-scoped to session-scoped
(there is strictly no difference in tests execution result after that change)
and ignore some warnings related to external function-scoped fixtures that
are safe to use with @given (client from pytest-django and mocker from
pytest-mock).

When a snapshot contains a branch or a release alias, the display of pagination
links in the branches / releases view could be missing due to an invalid test
in the branches/releases view implementation.

Set sidebar state (collapsed / expanded) once css animation has finished
in order to make associated cypress test reliable.

Also set "enableRemember" option from adminlte PushMenu and remove custom
code that was doing the same operation as it is not needed anymore
(see https://adminlte.io/docs/3.0/javascript/push-menu.html).

Closes T2341

There's a python file with invalid syntax in there, which confuses it

No need to query the userinfo endpoint of the OIDC server when authenticating
as those information can also be found in the decoded access token.

Use more reliable access token expiration date.

Check groups claim is provided in decoded token before trying to read it.

Previously URL of type https://forge.example.org/user/project/sub-project/ were
not validated by the isGitRepoUrl function.

Closes T2331

No need to substract 1 from computed TTLs as it can lead to cache userinfo
with a 0 seconds TTL when access token is about to expire and thus send
multiple userinfo requests to the OIDC server on successive calls to the
Web API.

When a user is identified as staff, he/she should not be rate limited
when querying the Web API.

Related to T1927

Throttling requests is related to Django REST Framework and is only used in
the api part of swh-web. So move associated module from common submodule
to api one for consistency.

This backend for Django REST Framework enables to authenticate users through the
use of bearer tokens (provided by Keycloak) sent in HTTP request headers.

Closes T2249

Add Django plumbing in swh-web to use OpenID Connect authentication layer.

It enables to securely authenticate users stored in a remote identity
and access management server implementing OpenID Connect specifications.
For the swh-web case, the open source solution Keycloak will be used.

New Django views are also introduced in order for users to login/logout
from the main HTML interface.

A custom Django User model is also used for remote users in order to
store OpenID Connect related data and avoid to save users to Django
database (those sensitive information are already securely stored in
Keycloak so there is no need to duplicate them).

Closes T2245
Closes T2246
Closes T2295

Related to D2820

Closes T2294

swh.model.from_disk.Directory.from_disk signature and usage have changed
since rDMOD6da524cb2bd8b870eaa0be477837694617cfff1b.

Also add a new rule to enforce consistent spacing inside braces.

closes T2286

This will prevent bad surprises when users simply invoke pytest in the root folder
of swh-web as default profile makes tests execution slow and tests can fail depending
on the hypothesis version used.

It will enable to find an origin when users provide urls with or without
a trailing slash.

Closes T1852
Closes T2289

Closes T2141

Closes T2284