1. 04 Dec, 2018 6 commits
      core: set SameSite=Lax on authentication cookie · 65882e59
      Jérome Perrin authored
      https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02
      
      We choose Lax and not Strict so that we can open links to ERP5 from
      external applications and so that OAuth Logins work. Implementing the
      "two cookies, one for read one for write" approach suggested in
      https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02#section-8.8.2
      would be too big a change at this point.
      Cleanup google and facebook login and cookie management · ee05c9c4
      Jérome Perrin authored
      First, clean up `testERPSecurity`, moving related tests into sub-classes instead of big classes with lots of tests (the diff is big, because methods are moved around).
      
      Change google and facebook login to reuse `portal.setAuthCookie`, which is the central point to set a cookie securely so that it can be used for authentication.
      
      Refactor management of oauth keys to fix [#20181121-1A36AE2](https://nexedi.erp5.net/bug_module/20181121-1A36AE2).
      
      Some minor fixes in business template definition.
      
      /reviewed-on !803
      Support Request: "Comment {Date,Author}" on frontpage · bab963e4
      Jérome Perrin authored
      Originally, there was a regression introduced in my recent changes that "Comment Author" column was always empty.
      
      This MR contains some more refactoring for "Comment Date" and "Comment Author" columns:
      
      ![image](/uploads/7b07a6a5610d533f1435af45b3716104/image.png)
      
      On the visible side, "Comment Date" column has been simplified, it used to show "hour:minutes" if the message was posted today, and "year/month/day" if the post was older. It's now a simple date time field (using `Base_viewCRMFieldLibrary/my_event_start_date`), for consistency.
      
      On the implementation side, they now use existing `SupportRequest_getCommentPostListAsJson` script, which simplified code a lot. That script was also renamed as `SupportRequest_getCommentPostList`, because it's no longer returning JSON.
      
      /reviewed-on nexedi/erp5!804
      Update ticket modification date when a new event is posted · e19743d7
      Jérome Perrin authored
      Some tickets (for example Support Request or Bugs) are focused on one small thing being discussed where usually a small number of events are posted.
      
      Unlike for example a campaign where there is a large number of events sent to a large number of recipients, in the case of these "small, self contained" tickets, it makes a lot of sense to see that the ticket was modified when a new event is posted on this ticket.
      
      This is what we sometimes customize in some support request fast input. It was the case in Support Request App, but this was removed in 74fc68a7, this time it's done at a lower level and such customisations are no longer needed.
      
      /reviewed-on !807
      officejs_support_request_ui: only display worklists involving Support Requests · 26d8e3b3
      Jérome Perrin authored
      Because this was displaying all worklists from ticket_worklist, which is
      also used for all tickets (including for example Campaigns) and that
      displaying other kinds of tickets than Support Request is not supported
      on this app, we should filter the worklists to display only support requests.
      
      /reviewed-on !808
      testERP5Core: jump_related_object is lower priority now. See... · 2c56ad8a
      Yusei Tahara authored
      testERP5Core: jump_related_object is lower priority now. See 9e152672.
  2. 30 Nov, 2018 4 commits
  3. 29 Nov, 2018 1 commit
  4. 28 Nov, 2018 1 commit
  5. 27 Nov, 2018 28 commits