[auth] pass `repo` instead of `vreg` to SessionManager and AuthenticationManager
Those object actually need a repo object to connect and create new session
object. They used to retrieve the repo object using
``vreg.config.repository()``. I'm trying to sanitise the initialisation stack
and get ride of ``config.repository()``, a function that mix factory and cache.
Retrieving the vreg from the repo is trivial (``repo.vreg``) so we now pass the
repo object instead of the vreg.
What's new in CubicWeb 4.0?
============================
API changes
-----------
* ``RepositorySessionManager.postlogin`` is now called with two arguments,
request and session. And this now happens before the session is linked to the
request.
* ``SessionManager`` and ``AuthenticationManager`` now take a repo object at
initialization time instead of a vreg.
Deprecated Code Drops
----------------------
* The ldapuser source has been dropped. ldapfeed is the only official source
remaining for ldap.
* session.hijack_user mechanism has been dropped.