Test to verify the side-effects of calling this function since we now
rely on one of them in the SafeSessionMiddleware.

Add a test to ensure that the login page redirect as long as we have a
valid session even if we have expired on non-existent JWT cookies.

Previously they also had to have a valid JWT cookie which led to a weird
corner case where a user was logged in but still showed the login form
resulting in some confusion and odd behavior.

This change gives precedence to the session token to determine whether
or not someone is logged into the LMS but ensures that if you go through
the login flow, you refresh your JWT cookies. This should not cause any
breakage for MFE flows that might redirect to the LMS login page since
the JWT would get refreshed if it's out of date but the session is
valid.

Six frames was not enough because for DRF views the request gets wrapped
in a proxy object and so we need more of the stack to see what part of
the code we're in that actually invokes the use change.

When a user logs out, there are warnings logged right now because the
session user_id mismatches(it becomes None on logout).  Previously we
would log the request mismatch on debug and the session mismatch as
normal.

This change will result in us logging nothing if the session change is
not abnormal.

MICROBA-1039

fix: AA-724: Updating the HiddenContentTransformer

[Support Tool] Update the Enrollments to take Entitlements into account

bump edx-enterprise back down to 3.20.1

fix: don't count hierarchy blocks as complete for assignments

When considering whether a subsection is complete as an assignment,
skip any "hierarchy" types (sequential, vertical, etc) that don't
have children. If the user can't see the content, don't risk
marking it as complete.

AA-726

fix: use github version of py2neo

Python Requirements Update

The version of Py2neo we depend on has been removed from PyPI.  This is
a stop-gap until we can upgrade it

bump edx-enterprise to 3.20.2

We heard about a bug where learners granted extensions would still
lose access to content if it was marked as "hidden after due date".
This was caused by the HiddenContentTransformer using the due date
from collection time (publish time) rather than the user date returned
from the edx-when DateOverrideTransformer.

A small subtletly of this PR is that Transformers with the
FilteringTransformerMixin are executed before those without it so
part of the fix was to make the HiddenContentTransformer not use the
FilteringTransformerMixin to ensure the DateOverrideTransformer had
run first.

Part 3/3 - Removing old collect code with merged due date

fix: AA-724: Updating the HiddenContentTransformer

Adds a command to create an API connection to credentials for testing
program certificates on devstack. This command is not meant to be ran
manually, and will be included in a provisioning type script that will
be added later.

MICROBA-1039

We heard about a bug where learners granted extensions would still
lose access to content if it was marked as "hidden after due date".
This was caused by the HiddenContentTransformer using the due date
from collection time (publish time) rather than the user date returned
from the edx-when DateOverrideTransformer.

A small subtletly of these PRs is that Transformers with the
FilteringTransformerMixin are executed before those without it so
part of the fix was to make the HiddenContentTransformer not use the
FilteringTransformerMixin to ensure the DateOverrideTransformer had
run first.

Part 2/3 - Updating transform method + updating Read version

fix: AA-724: Updating the HiddenContentTransformer

fix: Don't make request change logging a waffle flag.

Waffle flags are useful for gradual rollout but that's not possible this
high in the middleware because a lot of the data needed (request.user)
to partition incoming requests is not availabale this high in the
middleware.

Convert this to a WaffleSwitch which will be safer to operate.

Also increase the number of frames in the stack to print per change.
Printing just 1 did not provide enough info because DRF requests wrap
WSGI requests and have a setter proxy.  It will be useful to figure out
how they do this in case it's better that what we're doing in the safe
sessions middleware.

Ticket: https://openedx.atlassian.net/browse/ARCHBOM-1718

We heard about a bug where learners granted extensions would still
lose access to content if it was marked as "hidden after due date".
This was caused by the HiddenContentTransformer using the due date
from collection time (publish time) rather than the user date returned
from the edx-when DateOverrideTransformer.

A small subtletly of these PRs is that Transformers with the
FilteringTransformerMixin are executed before those without it so
part of the fix was to make the HiddenContentTransformer not use the
FilteringTransformerMixin to ensure the DateOverrideTransformer had
run first.

Part 1/3

feat: bump edx-ace to 1.1.0

This gives us the ability to set a Braze-specific from-address via
configuration settings.

fix: surface assignment type short_label in Progress Tab MFE API

[TNL-7971] - Correct filename for anonymized id report.