[server/session] Implement anonymous_session
Now we have a simple rule to compute if a session is anonymous we can implement
the property for server session too. Having it on server side session will helps
the rework of the API to access repository. The new schema drop the concept of
DBAPISession and use server side session for the same purpose.
Related to #2953943
Related to #2503918
What's new in CubicWeb 4.0?
============================
Behavior Changes
----------------
* The anonymous property of Session and Connection are now computed from the
related user login. If it match the ``anonymous-user`` in the config the
connection is anonymous. Beware that the ``anonymous-user`` config is web
specific. Therefore, no session may be anonymous in repository only setup.
API changes
-----------
* ``RepositorySessionManager.postlogin`` is now called with two arguments,
request and session. And this now happens before the session is linked to the
request.
* ``SessionManager`` and ``AuthenticationManager`` now take a repo object at
initialization time instead of a vreg.
* The ``async`` argument of ``_cw.call_service`` have been dropped. All call are
now synchronous. The zmq notification bus looks like a good replacement for
most async usecase.
* ``repo.stats()`` is now deprecated. The same information are available through
a service (``_cw.call_service('repo_stats')``)
* ``repo.gc_stats()`` is now deprecated. The same information are available through
a service (``_cw.call_service('repo_gc_stats')``)
* ``request.set_session`` no longer takes an optional ``user`` argument.
* CubicwebTC does not have repo and cnx as class attributes anymore. They are
standard instance attributes. ``set_cnx`` and ``_init_repo`` class methods
become instance methods.
Deprecated Code Drops
----------------------
* The ldapuser source has been dropped. ldapfeed is the only official source
remaining for ldap.
* session.hijack_user mechanism has been dropped.