[dbapi] makes anonymous_connection a computed property
The current implementation is a boolean flag set manually by client code after
connection creation. This led to different ways to decide whether anonymous_connection
should be True (e.g. different in the tests than in the actual application code).
It should not be the client's responsibility to set this flag.
``cnx.anonymous_connection`` is now a purely computed property. Connections with a user in the
"guests" group are anonymous, the others ain't.
``Session.anonymous_session`` is computed from ``cnx.anonymous_connection`` and gets
the updated behavior transparently.
Closes #2953943
What's new in CubicWeb 4.0?
============================
Behavior Changes
----------------
* The anonymous property of Session and Connection are now computed from the
related user login. If it match the ``anonymous-user`` in the config the
connection is anonymous. Beware that the ``anonymous-user`` config is web
specific. Therefore, no session may be anonymous in repository only setup.
API changes
-----------
* ``RepositorySessionManager.postlogin`` is now called with two arguments,
request and session. And this now happens before the session is linked to the
request.
* ``SessionManager`` and ``AuthenticationManager`` now take a repo object at
initialization time instead of a vreg.
* The ``async`` argument of ``_cw.call_service`` have been dropped. All call are
now synchronous. The zmq notification bus looks like a good replacement for
most async usecase.
* ``repo.stats()`` is now deprecated. The same information are available through
a service (``_cw.call_service('repo_stats')``)
* ``repo.gc_stats()`` is now deprecated. The same information are available through
a service (``_cw.call_service('repo_gc_stats')``)
* ``request.set_session`` no longer takes an optional ``user`` argument.
Deprecated Code Drops
----------------------
* The ldapuser source has been dropped. ldapfeed is the only official source
remaining for ldap.
* session.hijack_user mechanism has been dropped.
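Review bot: The first bullet under "Behavior Changes" documents a different rule than the commit message. The release note says a connection is anonymous when the user login matches ``anonymous-user`` in the config, while the commit message says connections with a user in the "guests" group are anonymous. A login match and a group membership test are not equivalent, and callers that gate access on the anonymous property need to know which one applies, so the note should state the rule the code actually implements. The same bullet warns that no session may be anonymous in a repository-only setup; please spell out what the property returns there, so that code relying on it to restrict anonymous users does not silently treat every session as authenticated.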