A Geo transfer request arrives with a JWT header with the right data (e.g. URL
`/api/v4/geo/transfers/lfs/1` for LFS object ID 1, with a JWT token that
includes the corresponding LFS OID).

Workhorse proxies the request and the Rails backend verifies the validity of
the request.  If the request is valid, the Rails backend uses X-Sendfile
functionality in Workhorse/nginx to send data back to the client.

Current Geo Nodes use the system hook token for authentication, which is not
that secure. This implementation creates an access identifier and an secret
access key for each GeoNode. The GeoNode uses that to create a JWT token in
the Authorization header. The secret access key is encrypted with the
db_key_base valid and replicated in PostgreSQL. Since `db_key_base` has to be
correct to decode this field, we are ultimately relying on the security of
that key.

The primary GeoNode receives the Authorization header, looks up the proper
GeoNode with the access identifier, and then validates the JWT token. We
expect that the times of the nodes are synchronized within 1 minute to prevent
replay attacks.

Default to dangerous MR merge button - EE merge edition

See merge request !1313

Port of 27501-api-use-visibility-everywhere to EE

See merge request !1267

Override the `ApplicationSetting` default visibility_level setters so
they accept strings & integers for the levels.

Add `visibility` & `visibility=` methods to the
`Gitlab::VisibilityLevel` module so the `visibility_level` can be
get/set with a string value.

CE upstream: Thursday

See merge request !1339

And add changelog entry.

Use strings for the ApplicationSetting properties:
 - restricted_visibility_levels
 - default_project_visibility
 - default_snippet_visibility
 - default_group_visibility

Because environments also expose the project, ensure the projects are
exposed as they were before in API v3.

Instead of exposing the VisibilityLevel as Integer, expose it as
String `visibility`.

Instead of exposing the VisibilityLevel as Integer, expose it as
String `visibility` for Project and ProjectSnippet.

Filter queries also accept the `visibility` as String instead of
`visibility_level` as Integer.

Also remove the `public` boolean.

Return 204 on all DELETE endpoints

See merge request !1312

Add docs on how to install GitLab on GCP

See merge request !1340

[ci skip]

For the API, the VisibilityLevel will be exposed as String instead of
Integer. So add the string values and method to translate a level
integer to a string.

Correct the return code description for 204

See merge request !9648

CORS: Whitelist pagination headers

Closes #28405

See merge request !9651

Remove jQuery UI

Closes #18437

See merge request !9649

Fix updaing commit status when using optional attributes

Closes #28656 and #25784

See merge request !9618

CE Upstream - Wednesday

See merge request !1330

Use v4 endpoint in API docs

See merge request !1338

API issues - support filtering by iids

Closes #28257

See merge request !9541

cleanup SSH key details

Closes #28896

See merge request !9643

Enable filtering milestones by search criteria in the API

Closes #28807

See merge request !9606

Signed-off-by: Rémy Coutable <remy@rymai.me>

jQuery UI is no longer used anywhere so say goodbye to it from package.json & Gemfile

See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9245

Conflicts:
	app/assets/javascripts/merge_request_widget.js.es6
	app/views/projects/merge_requests/widget/open/_accept.html.haml

Merge branch '28805-download-archive-with-branch-like-feature-xxxx-add-extra-directory-level' into 'master'

Ensure archive download is only one directory deep

Closes #28805

See merge request !9616

Signed-off-by: Rémy Coutable <remy@rymai.me>

Signed-off-by: Rémy Coutable <remy@rymai.me>