Various javascript functionalities and forms in the web interface
make calls to the API to get or process data. The current
Apache configuration (verify a certificate IF presented on /api/*)
causes pop-ups for users who have certificates in their browsers
if they visit any pages which have these functionalities. So we have
changed all of those URLs to use /apiweb/ for now to prevent the
certificate challenge.  This will be resolved in the future by
getting away from certificate-based authentication.

VOEvent IVORNs now use ivo://gwnet/LVC instead of
ivo://gwnet/gcn_sender. Also use the default superevent ID everywhere
in a VOEvent, including filename, even if it has a GW ID.

Containerized versions of the service will now get their LVAlert
credentials from the environment.  Also add a script for
processing environment variables and starting LVAlert overseer.

New API backend which gets a full X509 certificate, verifies it,
and extracts the subject.  To be used in the cloud deployment
with Traefik.

Settings have been reorganized and how different parameters are
determined has been reworked to be compatible with both a Puppet-based
VM deployment and a containerized deployment

We had removed the ability for GraceDbModelBackend to do
authentication, but it is relied on for basic auth by the
BasicAuthentication class in django-rest-framework.  So we undo
that change and remove the GraceDbModelBackend class altogether
in favor of its parent, ModelPermissionsForObjectBackend.

Add django-user-sessions package for more easily managing sessions
and correlating them with user accounts.

We now have a single API endpoint, /api/, which can handle all
authentication methods directed to it.  The /apibasic/ and
/apiweb/ URLs will probably be maintained for legacy reasons,
but will not include any additional logic (they will just be
carbon-copies of /api/ under a different namespace).

We use a few redirects to handle login and extraction of the
shibboleth attributes in a post-login page.

Can be used to restrict access to a view to only the groups
whose names are passed as arguments to the decorator.

Complete rework of authentication middleware and backends for
both the web view and the API. There is now a single URL (after
the login page) where the shibboleth attributes are put into
the session and the user is authenticated and a persistent
Django session is created.

No need to have explicit view functions for a few basic views,
we just use the built-in TemplateView instead.

Add access_managers and superevent_managers to ADMIN_MANAGED_GROUPS.
They will be removed in the near future, but for now, they should
be included here so that group memberships are not removed by the
ligoauth middleware.

silk was slowing things quite a bit so we won't use it by default,
even in development instances.

Rename config/settings/test.py -> config/settings/dev.py to prevent
the file from being picked up by the test runner during unit testing.

Now require version 2.0.0 of the client and won't allow old
versions without the client header.

Instantiating a second version for the API.  For now, it's identical
to v1, but can be customized as needed in the future.

Moving a few base class throttles and fields from the events app up
one level so that they can be used elsewhere.

Moved events.api and superevents.api into the new api app.
We want to have a versioned API, so these are now in
api.v1.events and api.v1.superevents, respectively. Part of this
change is that we require a custom reverse function (api_reverse)
for handling versioning. Much of the required code changes for this
migration include converting reverses to use this function and
changing relative imports appropriately.