[view] breadcrumbs layout broken with long elements (closes #1347486)

[static-file] return Unauthorized on blocked directory listing This is more appropriate than 404 NOT FOUND

[login redirect] only add postlogin_path argument when meaningful

static-file: properly set/use cache header for static file (closes #2255013) This changesets enables the standard http cache mechanism where the static controller may reply "304 Not modified" based on `last-modified` in HTTP response and `if-modified-since` in HTTP query. The last modified time is computed using the file-system information. The pre-existing logic using an `Expires` header to prevent client from sending request stay in place. The new logic just prevents sending the file again if not necessary.

[repository] move task manager instantiation outside repository. Repository callers are in charge of providing a task manager. The task manager is optional when the repository is not a server. This part is not really expected to work well yet. But we aim to remove all task management responsibilities from the Repository object.

[repository] split repo initialization from starting looping task (closes #2204047) This separation highlights that two distinct operations are done. This is a step towards a full distinction between repo, server and looping tasks

[repo looping task] move looping task logic in a dedicated object (progress #2204047)

[manage / default index views] discard login/logout templates

devtools-request: transmit the headers keyword argument to the request class Otherwise the headers kwargs end up in the form. This is very useful for testing publish logic related to http header (as cache).

[security] use a stronger encryption algorythm for password, keeping bw compat Administrator should ask their users to reenter new password so they benefit from the new encryption. Also, new encryption is cross-platform compatible, eg you may now move an instance from windows to linux painlessly