We use a few redirects to handle login and extraction of the
shibboleth attributes in a post-login page.

Can be used to restrict access to a view to only the groups
whose names are passed as arguments to the decorator.

Complete rework of authentication middleware and backends for
both the web view and the API. There is now a single URL (after
the login page) where the shibboleth attributes are put into
the session and the user is authenticated and a persistent
Django session is created.

Utility function for determining whether a request is directed at the
API.  Can specify that the check is for a certain API "type", like
shibboleth, X509, or basic.

Event file list web view was incorrectly showing the symlinked
version of a file to external users, even when they didn't have
permission to view that version of the file.

We now use ValidateDestroyMixin rather than SafeDeleteMixin for
handling removal of events from a superevent.  Some additional
logic in other places was no longer needed.

Some of the search utilities were still in the separate
events and superevents apps, so we moved them to the search app
and tried to clean things up a bit.  It's still kind of a mess
and probably not worth doing a full cleanup until we rework
the search.

Allow queries on whether a superevent is publicly available or
not. Add documentation to the query help page.

Queries which directly include a superevent ID should not have the
default category restrictions (not Test & not MDC) applied since
the category is determined by the superevent ID prefix.

Create new CustomDecimalField for handling float inputs better
than they are handled in rest_framework.fields.DecimalField.

No need to have explicit view functions for a few basic views,
we just use the built-in TemplateView instead.

Some X509 certificate subjects which were obtained from the LIGO
LDAP were being truncated upon insertion into the database since
they were longer than the upper limit imposed here of 200 characters.
I asked the LIGO auth team for guidance as to whether there is any
kind of upper limit imposed at that level, but did not receive any
feedback.  So I am increasing it to 300 characters here and hoping
that is enough that we will never have to revisit this issue.  It will
also be necessary to clean up any certificates in the database which
are truncated.

Robot user group memberships are entirely managed within GraceDB and
should not be added/removed based on request header content.

RobotUser should only be used for robot user accounts.  It's a clunky
way of identifying robot accounts, but it's all we have for now.

Add access_managers and superevent_managers to ADMIN_MANAGED_GROUPS.
They will be removed in the near future, but for now, they should
be included here so that group memberships are not removed by the
ligoauth middleware.

Failover to lvalert_send now uses new LVALert Python API, rather
than forking a Process to call the lvalert_send script.

Upgrade to newest LVAlert package and fix some requirements.
There is a bug with sleekxmpp and certain versions of pyasn1-modules,
so we revert the version of that and pyasn1. We also remove some
requirements which are really dependencies of requirements.

The 'search' and 'latest' pages will now default to superevents
rather than events.

All calls to event.graceid() -> event.graceid.