If the email body is above a certain size, Gmail trims it
and displays "[Message clipped]  View entire message" at
the end. The spaceless tag is a quick fix to reduce
HTML size a bit and allow more table rows to fit before
clipping.

With a catch-all "except:" rule, we would swallow any unexpected
exceptions (ValueError, etc.) in cronsim. But we want to know
about them. cron_preview is a place where we can afford to crash, and generate a crash report.

Previous retry logic was:
- max 3 tries
- every try times out after 5 seconds

The new retry logic is:
- max 3 tries
- every try times out after 10 seconds
- if the first two tries have used > 10 seconds, don't
  do the third try

cc: #569

cc: #565, #568

Context: #568

Fixes: #566

Fixes: #565

Also, split Dockerfile into two stages, so rust
and other build dependencies don't end up in the final image.

Note cryptography has binary wheels for various architectures,
but unfortunately not for 32-bit arm. And, starting from v35.0.0,
cryptography requires rust to build from source.

Bullseye isn't currently supported on the Pi 4

This massively reduces the size of the final container

In the Details page, if the user click "Ping Now",
and the project is using {ping-key}/{slug} URLs,
but the ping key is not set, then show a
"Ping Key Required" message instead of trying to ping
and invalid URL.

cc: #547

1. Drop API support for GET, DELETE requests with a request body.
Healthchecks had an undocumented quirk where you could authenticate a
GET or DELETE request by putting a '{"api_key":"..."}' in request body.
This commit removes this feature.

Note: POST requests can still authenticate either by sending
a X-Api-Key header, or by putting a "api_key" key in request body.
GET and DELETE requests can now only authenticate with the
request header.

2. Add missing @csrf_exempt annotations in API views
When client sends a HTTP POST request to a GET-only endpoint,
the server is supposed to respond with "405 Method Not Allowed".
Due to CSRF checking, a couple endpoints were responding with
"403 Forbidden" instead. Adding @csrf_exempt annotations fixes
the problem.