[repository] split repo initialization from starting looping task (closes #2204047) This separation highlights that two distinct operations are done. This is a step towards a full distinction between repo, server and looping tasks

[repo looping task] move looping task logic in a dedicated object (progress #2204047)

[manage / default index views] discard login/logout templates

devtools-request: transmit the headers keyword argument to the request class Otherwise the headers kwargs end up in the form. This is very useful for testing publish logic related to http header (as cache).

[security] use a stronger encryption algorythm for password, keeping bw compat Administrator should ask their users to reenter new password so they benefit from the new encryption. Also, new encryption is cross-platform compatible, eg you may now move an instance from windows to linux painlessly

[cache] factorize _validate_cache() logic implemented in wsgi and twisted handlers

[fake-request] support `http_method()`

[Web-Request] Use rich header (closes #2204164) Unify header management. All web request use the Headers class now (imported from twisted). Code dedicated to header management have been merged into the base WebRequest class.

http-header: support __contains__ in Headers You can now use:: >>> 'expires" in headers True

[web] Move request handling logic into cubicweb application. (closes #2200684) We improve http status handling in the process: ``application.publish`` have been renamed to ``application.handle`` to better reflect it's roles. The request object gain a status_out attribute to convey the HTTP status of the response. WSGI and etwist code have been updated. Exception gain status attribute