[repo] fix extid2entity to ensure connection's has a cnxset else we'll call source.doexec, which attempt to access to cnxset.cu, and crash in some case (eg unittest_cwxmlparser in sobjects/test). Also, manually switch to 'write' mode to ensure cnxset is not released until commit/rollback when some entity is inserted.

[test] update sobjects/test/unittest_cwxmlparser to cw 3.19 api

[repo] make it clear in internal_cnx that security is disabled as explained in its docstring. It was previously relying on internal connection's fake user (InternalManager) for read security and on disabling security hooks for write security. Using the security_enabled context manager is more readable and more reliable: while the older implementation works thanks to the InternalManager associated to the session, custom hooks should rely on session.[read|write]_security being correctly set. This change also allows selecting Password attributes in internal connections without explicitly disabling read security.