email opt-in mgmt command: Disable the course lookup if a list is provided

ENT-3367 | Show at most 1 Enterprise Learner Portal dashboard link in the header user-menu. Also, guard against no branding config when getting learner portal data.

This uses the new names introduced in edx-django-utils
3.8.0 (edx/edx-django-utils#59), which we're already using, as
well as updating a few other locations where we incorrectly refer
to New Relic custom metrics instead of custom attributes.

Includes a couple of unrelated lint fixes in a file I modified.

disable xsslint

This is cherry-picked verbatim from
zafft/analytics-exporter-settings-hotfix (#18530).  I'm fear that
without merging these changes upstream, a larger set of courses will be
consdiered for processing, and that would alter the behavior of the
analytics-email-optin-* jobs.

[BD-21] Document feature toggles

AA-335: Avoid due dates for ORA subsections

Previously, we'd been avoiding PLS due dates for ORA *sections*.
That is, if a section had only ORA content, we'd not set a PLS
due date for anything in that section.

If any content in that section had non-ORA graded content however,
we would set dates on all subsections, including the ORA one.

This resulted in some ORA-only subsections showing up twice on the
dates tab. So this patch simply brings down the ORA-only check
to a *subsection* level, not a section one.

* Add CSRF to post requests to demographics

* Reorganize code

MST-418 retire program_enrollments external_user_key with hashed values instead of setting it to null (#25001)

* Add CSRF tokens to demographics modal PATCH

We have temporarilly copied over the CSRF code from frontend-platform to
use with the demographics modal. This code is most likely temporary and
is not maintained like frontend-platform.

bumping enterprise version 3.8.9

AA-368: Surface resume_block in Outline Tab API

This is part of the changes brought by code-annotations==0.7.0

This annotation is deprecated since code-annotations==0.7.0

Since code-annotations==0.7.0, incremental_release, launch_date,
monitored_rollout, graceful_degradation, beta_testing are all considered
as "temporary" use cases.

Since code-annotations==0.7.0, this annotation is not used anymore.

This takes advantage of the new multiline annotation format with
single-line comment prefix, from code-annotations.