Mainly for maintenance sake and to update the code before porting it to python3.

When spawning an activity, store the current security context's user in
the Message object itself, so the activity security context can be
re-created with the same security during activity execution.
This allows a user to be modified (different groups, global roles, maybe
removed altogether) after they spawned activities and before these activities
could run.
It also means that any temporary custom group or global role granted to
that user (by a privilege elevation mechanism out of the scope of this
change) will still be effective during the activity execution.
This follows the principle that
  foo.activate(...).bar(...)
should be equivalent to its "immediate execution" version
  foo.bar(...)
by ensuring that the security context of the activity is the same as the
one which was applied to the code which spawned that activity,
independently of any intermediate configuration change - hence improving
(deferred and fragmentary) transaction isolation.

This also removes the need to look the user up, then looking up their
assignments (and other documents involved in group computation), etc,
saving the cost of these calls.

Also, remove redundant user_name argument of Message.changeUser method.

The action was removed in 6dce55b0 (dms: drop PDF thumbnail view, 2021-06-01)
but some CSS declarations were not removed.

Also remove some old commented out javascript that was referencing the
old PDF preview

When a validated component is edited, `mixin.component.RecordablePropertyMetaClass`
records the `text_content` property. This recorded property will be cleared afterwards
if no errors are found, but this causes differences in business template XML for each
component the first time they are edited.

This change is about removing the `_recorded_property_dict` when there are no property
recorded, which leads to slightly smaller pickles (and business template XML, because
they are also pickles).

See merge request nexedi/erp5!1605

This makes smaller pickles

More investigations are needed on jio side

jio 3.45.0 fixed the issue

Proxy field rendering was improved by nexedi/erp5@25ad9ece

erp5_core_test already depends on erp5_base, no need to have another
organisation_module module.

This was problematic because uninstalling erp5_core_test removes
the organisation_module with everything inside.

since config['software_list'] is used several times, it must be a real
list object and not a filter object

See merge request !1602

This will allow to propagate the CSP configuration on officejs.com

Only ZEXP Export/Import is possible. These modules (namely OFS.XMLExportImport
and Shared.DC.xml.*) were heavily monkey-patched anyway and are only used for
BusinessTemplates.

* ERP5Type/XMLExportImport.py  => ERP5Type/XMLExportImport/__init__.py
* OFS/XMLExportImport.py       => ERP5Type/XMLExportImport/__init__.py
* Shared/DC/xml/{xyap,ppml}.py => ERP5Type/XMLExportImport/{xyap,ppml}.py

This supports both python2 and python3. For python3, this decode() properly
arguments returned by string_literal() to have str(), otherwise the query string
is an str() (DocumentTemplate) and the arguments are bytes().

In other places, bytes() is used directly but in this case this is not needed
and would require monkey patching (at least) DocumentTemplate.

This changes slightly getOutput, `Status` is not printed as an header
(Status: 200 OK) but only in the status line (HTTP/1.1 200 OK)

See merge request nexedi/erp5!1589

Instead of doing what loading zope.conf does (which is different
across zope versions), use the ZConfig configuration callback.

The old name was Zuite_viewZeleniumTestLauncher which is an violation
to erp5-Guideline.Form.Report.Dialog.Is.Postfixed.With.Dialog

ErrorLog is not allowed prefix, this was flagged by coding style test,
since the script is not used it's better to remove it