Using "Number" was not good for translations and maybe not so good in
english either.

Using verifyImageMatchSnapshot with 20 is sometimes not enough to detect
some significant differences

these are not used anymore

Base_callDialogMethod may not provide REQUEST nor RESPONSE, and may provide
other arguments. Make the former optional, ignore the latter, and fallback
on RequestContainer's magic when REQUEST is None.

<dtml-sqlvar "None" type=nb> should be 'null'.

Fixes `Uncaught Error: Language id "vs.editor.nullLanguage" is not
configured nor known` errors with html using script type handlebars

During the response process (especially setBody), HTTPResponse accesses
and updates some response headers in its "headers" property (a dictionary).
addHeader puts the response headers in a list which will not be updated by
HTTPResponse. This is "more correct" from an RFC perspective, as any header
specified as being a sequence of values delimited by commas may be split
among multiple headers.
So, keep using addHeader by default, but special-case some headers which
are accessed and must be successfully updated by HTTPResponse itself so
that those headers are set using setHeader, which updates the "headers"
property.

For better compatibility, as not all templates may be reconfigured to post
in application/x-www-form-urlencoded.
Also, tolerate a missing Content-Type request header, treating as an
unhandler type instead of raising a KeyError exception.

Fernet tokens are urlsafe-base64-encoded, so re-encoding them is
useless.

This change breaks compabitility with what should be a transient login state
(lasting as long as the login form is opened in any browser). So the
consequence is that a user failing to authenticate will be redirected to a
safe location (ex: the website's home page) instead of getting to the login
form again.
This should not be worth either a systematic double-decrypting (which could
lead to harder to debug decryption errors) or some heuristic trying to
guess if the value is in fact double-encoded.

For simplicity and readability.

When there is no enabled extractor plugin, PAS internally uses the DumbHTTPExtractor
class. When installing the OAuth2 resource server plugin, it activates itself as an extractor,
disabling this default mechanism. This is most likely unexpected to the admin, so in such
situation create & enable the ERP5 plugin which inherits from DumbHTTPExtractor, to
preserve basic authentiation.
If such plugin exists but is disabled, assume the admin forgot to enable it, and do it for them.
If any extraction plugin is already enabled, do nothing new.

`state_var` is now a compatibility alias calling getStateVariable, which
has a default value of `simulation_state`. As a result, this script was
attempting to call getSimulationStateTranslatedTitle on credential
requests, because they have an interaction workflow in their chain.

This fixes by implementing the full logic using new ERP5 workflow API.

See merge request nexedi/erp5!1814

See merge request !1817
Fix loitering trajectory when the drone is closer to the center than the required radius.

<dtml-sqlvar "None" type=string> should be 'null', not 'None'.

When using the public API of pandas (which is partially allowed in
restricted python), it can happen that this public API raises the error
'pytz.NonExistentTimeError' [1]. Users should be allowed to
import and therefore catch this exception.

Before this patch we could only do:

>>> try:
...   ts.tz_localize(tz)
... except Exception:
...   ...

After this patch we can do;

>>> try:
...   ts.tz_localize(tz)
... except pytz.NonExistentTimeError:
...   ...

pytz delivers more exceptions which are all equally harmless.
We can therefore in the same patch also allow them, as they may be
useful for similar cases.

This patch also comes with tests which ensure that the allowed
exceptions can be imported into restricted python and also a
test to ensure no other objects in the pytz namespace can be used.

---

[1] https://pandas.pydata.org/pandas-docs/version/2.0.3/reference/api/pandas.Series.tz_localize.html

/reviewed-by @jerome
/reviewed-on nexedi/erp5!1802

When an activity failure happens, the SQL row is updated:
- date is set to a future value, so the activity does not get retried
  immediately, in the expectation that what caused the failure may have
  cleared by that point.
- retry is incremented, to allow limiting the total number of retries
- priority is incremented

This last point seems harder to justify, and seems redundant with the date
increase. In the context of processing node families and with a steady
influx of similar activities at a base priority level, such priority
increment can postpone the victim activity execution to an arbitrarily
large amount of time, which is undesirable.
So, remove this increment.

See merge request nexedi/erp5!1809

   The implementation only works with ERP5 Login, since it is the only portal type that
   holds password in ERP5. Other implementations are password-less: Certificate Login,
   Google Login and Facebook Login, so they cannot have their password reset anyway.

   It is overkill split the login on multiple categorization, to use some portal group (ie:
   getPortalLoginPortalTypeThatCanResetPassord...) until we have a a clear usecase.

See merge request nexedi/erp5!1796

See merge request nexedi/erp5!1810

- drop console logs
- update api doc
- refine init map coordinates
- crash drone if logic is empty
- jslint

sqlvar type="nb" was broken by sqlvar patch without being noticed,
thus test is required. See commit ebdc34d4.

See merge request nexedi/erp5!1811

See merge request nexedi/erp5!1812

   Redirect with error level, to display the notification properly displayed as error

  rather them use person directly to Manage it. It might allow an user
  use more them one certificate to authenticate.

  An Unique reference is set whenever issue a certificate, this prevents
  conflicts if the transaction is restarted/retry after getNewCertificate
  is already called, since we cannot rollback the call to openssl.

  Include and improve test coverage

   if a duplicated certificate (with same CN) is eventually generated by a
   bug or external tool (for whatever reason), revoke should revoke them all.

See merge request nexedi/erp5!1807

- drop map reduction
- fix random seed issue (drop relation with #drones)
- use min-max lat-lon map parameters for init

See merge request nexedi/erp5!1806