Detect invalid roll out status requests

See merge request !1358

Port of 'commons-chunk-plugin' to EE

See merge request !1354

Improve CSS to handle not having actions

See merge request !1336

Basically, if we can't find a pod with the given filter, we know the
status is invallid, so the exposed 'valid' flag will be false.

By @ayufan dupped as 'case 2', the last case to cover before the release
will be done in a seperate MR.

Handle binary data properly in Geo transfer download

See merge request !1356

Fix broken Geo::MoveRepositoryService and add spec

Closes #1826

See merge request !1353

Closes #1826

Add support for HTTPS + AWS ElasticSearch

Closes #1181

See merge request !1305

Add CHANGELOG-EE entry for Geo file transfer support

[ci skip]

See merge request !1349

  * replace elasticsearch_host and elasticsearch_port with elasticsearch_url
  * Add support for AWS Elasticsearch Service
    * created universal gitlab elasticsearch client
    * add ability to sign requests with aws_signers_v4
    * expose elasticsearch_aws_region param
    * expose elasticsearch_aws_access_key param
    * expose elasticsearch_aws_secret_access_key param
    * If using AWS instance credentials they will automatically be picked up by client

[ci skip]

Basic support for GitLab Geo transfers

See merge request !1237

Use iids as filter parameter

See merge request !1216

Adds a EE specific dev favicon

See merge request !1343

A Geo transfer request arrives with a JWT header with the right data (e.g. URL
`/api/v4/geo/transfers/lfs/1` for LFS object ID 1, with a JWT token that
includes the corresponding LFS OID).

Workhorse proxies the request and the Rails backend verifies the validity of
the request.  If the request is valid, the Rails backend uses X-Sendfile
functionality in Workhorse/nginx to send data back to the client.

Current Geo Nodes use the system hook token for authentication, which is not
that secure. This implementation creates an access identifier and an secret
access key for each GeoNode. The GeoNode uses that to create a JWT token in
the Authorization header. The secret access key is encrypted with the
db_key_base valid and replicated in PostgreSQL. Since `db_key_base` has to be
correct to decode this field, we are ultimately relying on the security of
that key.

The primary GeoNode receives the Authorization header, looks up the proper
GeoNode with the access identifier, and then validates the JWT token. We
expect that the times of the nodes are synchronized within 1 minute to prevent
replay attacks.

Default to dangerous MR merge button - EE merge edition

See merge request !1313

Port of 27501-api-use-visibility-everywhere to EE

See merge request !1267

Override the `ApplicationSetting` default visibility_level setters so
they accept strings & integers for the levels.

Add `visibility` & `visibility=` methods to the
`Gitlab::VisibilityLevel` module so the `visibility_level` can be
get/set with a string value.

CE upstream: Thursday

See merge request !1339

And add changelog entry.

Use strings for the ApplicationSetting properties:
 - restricted_visibility_levels
 - default_project_visibility
 - default_snippet_visibility
 - default_group_visibility