Need it to escape quirks mode in email clients.

Fixes: #347

Not using them anywhere on the site currently, so commented them out
in bootstrap.less and regenerated bootstrap.css.

Fix simple typo in docs, libary -> library

There is a small typo in templates/docs/python.md.

Should read `library` rather than `libary`.

Fixes: #348

Fixes: #462

Fixes: #450

* Add HTTP header authentiation backend/middleware

* Add docs for remote header auth

* Improve docs on external auth

* Add warning for unknown  REMOTE_USER_HEADER_TYPE

* Move active check for header auth to middleware
Add extra header type sanity check to the backend

* Add test cases for remote header login

* Improve header-based authentication

- remove the 'ID' mode
- add CustomHeaderBackend to AUTHENTICATION_BACKENDS conditionally
- rewrite CustomHeaderBackend and CustomHeaderMiddleware to
use less inherited code
- add more test cases

Co-authored-by: Pēteris Caune <[email protected]>

Move terraform-provider-healthchecksio to the "API Wrappers"
category, which is more appropriate than "Tools for Self-Hosting".

Move terraform-provider-healthchecksio to the "API Wrappers"
category, which is more appropriate than "Tools for Self-Hosting".

Fixes #455

Fixes #282

User handle is used in a username-less authentication, to map a
credential received from browser with an user account in the
database. Since we only use security keys as a second factor,
the user handle is not of much use to us.

The user handle:
 - must not be blank,
 - must not be a constant value,
 - must not contain personally identifiable information.

So we use random bytes, and don't store them on our end.

Changing user's password logs themselves out. To avoid that,
we were logging the user back in right after changing the password.

I recently discovered update_session_auth_hash, which seems to
be the proper way to do this.

Docs: https://docs.djangoproject.com/en/3.1/topics/auth/default/#session-invalidation-on-password-change