[cache] factorize _validate_cache() logic implemented in wsgi and twisted handlers

[fake-request] support `http_method()`

[Web-Request] Use rich header (closes #2204164) Unify header management. All web request use the Headers class now (imported from twisted). Code dedicated to header management have been merged into the base WebRequest class.

http-header: support __contains__ in Headers You can now use:: >>> 'expires" in headers True

[web] Move request handling logic into cubicweb application. (closes #2200684) We improve http status handling in the process: ``application.publish`` have been renamed to ``application.handle`` to better reflect it's roles. The request object gain a status_out attribute to convey the HTTP status of the response. WSGI and etwist code have been updated. Exception gain status attribute

[login] split authentication logic from post authentication logic (closes #2200755) * The Session manager is now only in charge of providing a valid session. * LoginControllers are now used in all case but wrong credential. * The LoginControllers are in charge of redirecting the user to the page wanted to see in the first place, expected to see. * The login form is now always submitted to the login controller with an extra argument pointing to the url we should redirect too after successful authentication. The ``"log out first logic"`` logic on login controller is removed because: 1. Other web actor do not do that. 2. Removed code do not need to be reimplemented. 3. We can only get it to work again in a single case: use do a GET request on http://www.my-cw-stuff.io/login 4. I do not see it's purpose.