[webrequest] simplify set_session code Thanks to the previous changeset we are assured that session handed to set_session is full featured one. This allows a simpler code for this method. related to #2503918

[webrequest] set DBAPISession without cnx at initialisation time Such session are necessary for minimal use of a Request. Setting on by default allow simplification later linking with a full featured DBAPISession or equivalent. This was not possible before as all session was tracked by session manager. They are not tracked anymore since aa709bc6b6c1 and we can safely create them by default. related to #2503918

[testlib] rework request building in init_authentication The previous code was building a full authenticated request and tried to undo the authentication afterward. The new code just create a bare Request with no authenticated session linked yet. This is much closer of what the actual authentication process does.

[request] drop the user argument for set_session I see no code nor test that use this optional argument. removing it help to clean the session code. The set_session function will soon be deprecated anyway (at the same time than the dbapi) related to #2503918

[web-request] handle default language earlier We now read language negotiation header at initialisation time (previously done during ``set_session``). This simplify the set_session code for later reworking. There is no change in behavior, the user selected language continue to overwrite the one picked from the header/default when applicable. related to #2503918

[etwist] pass the repository to the root resource This is another step toward a cleaner instantiation scheme for the repo. The http test now pass an already created object to the etwist server instead of relying on the config cache. Related to #2249513

[repo] move repo.gc_stats to Service API (closes #2951068) We currently have a method on the repo that anyone can call. `call_service` gives a similar thing, modulo: * can be restricted access to manager only (thanks to selection on services), * less unrelated code on the repository class, * no need to fetch a reference to a repo object from the client side * (`req._cnx.repo` is not an API and config.repository() is on its way out). The old way to access this information (repo.gc_stats()) is deprecated.

[repo] move repo stats to Service (closes #2951067) We currently add a new method on repo that anyone can call. Call service allows to reach the same result with: * Restricted access to manager only (thanks to selection on services), * Less unrelated code on the repo. * No need to fetch a reference to a repo object from client side. `req._cnx.repo` is not an API and config.repository() is on its way out. The old way to access this information (repo.stats()) is deprecated.

[service] drop the asynchronous execution possibility Call_service was able of both sync and sync execution making the API confusing. There is not user of the async case. We drop the async argument in favor of synchronous execution only. This makes call_service the official API to call server side code from the client side. This is a remplacement for the usual monkey patching of the repo object. The zmq notification bus is a solid alternative for codes that needs to start an async execution.

[auth] pass `repo` instead of `vreg` to SessionManager and AuthenticationManager Those object actually need a repo object to connect and create new session object. They used to retrieve the repo object using ``vreg.config.repository()``. I'm trying to sanitise the initialisation stack and get ride of ``config.repository()``, a function that mix factory and cache. Retrieving the vreg from the repo is trivial (``repo.vreg``) so we now pass the repo object instead of the vreg.

web/application: instantiate the repository outside of CubicWebPublisher This improves decoupling and allows ``CubicWebPublisher`` user to choose which argument are used during ``Repository`` instantiation. In particular is allows caller to provide a ``TaskManager``. The `vreg` argument of publisher is made mandatory. See CubicWebPublisher docstring for details. Related to #2249513

remove vreg argument to CWPublisher The passing a vreg to CWPublisher was used by test to allow reused of an existing vreg. We dropped this feature two commit ago and can safely removes it. Removing this argument allows later cleanup and improvement on the CWPublisher and Repository front. closes #2944813

[devtools] vreg becomes a class ppty After multiple devtools refactoring, the vreg used for test is now *always* got from the repository. Making this explicit is a step toward simplification of the vreg handling during various initialisation phases. Related to #2944813

[devtools] drop unused `reset_schema` and `reset_vreg` class attribute They have no effect and no user... Related to #2944813

[connection] move security control logic on Connection The _security_enabled context manager now operate on connection. We have to keep a specific entry point in Session to ensure Connection object are properly cleaned up when using session to "manage" Connection live cycle. Related to #2503918

[connection] move hook control logic on Connection The _hook_control context manager now operate on connection. We have to keep a specific entry point in Session to ensure Connection object are properly cleaned up when using session to "manage" Connection live cycle. Related to #2503918