update session on password change

ref: ARCHBOM-1887

In the PR https://github.com/edx/edx-platform/pull/10659 the outer_atomic decorator/context manager was created to prevent nested atomic blocks. This method received a boolean parameter read_committed to enforce read-committed MySQL isolation level. From Django 2, the default isolation level Django sets is read-committed, so the aforementioned parameter for outer_atomic can be removed

REV-2133

CookieNameChange allowed the use of the expand-contract pattern for
cookies, but the suggested procedure assumed an instantaneous change on
the server side. Without that, there would be a brief window of time where
servers that had received the newer config would be writing cookies that
the servers with old config would not be able to understand.

However, the mechanism can be made seamless by using it *twice* in
succession, with the first usage in a "no-op" configuration. This allows
all the servers to become aware of the new name without using it. The
second change flips the configuration and changes the official name of the
cookie, and during that window both sets of servers are able to understand
both sets of names, even though they're sending a mix of names. This can
then be followed by the usual cleanup.

Co-authored-by: Simon Chen <schen@edx-c02fw0guml85.lan>

chore: Removed django.contrib.staticfiles.templatetags.staticfiles

This commit adds new APIs that allow MFEs to modify a course's advanced settings
and to update tab settings to show/hide/move tabs.

Refactor data-sharing consent GET and POST handlers to not have too many statements, because readability matters.

refactor: replace User.objects.create_user for UserFactory p2

fix: Milestones app feature flag docs

This change is done so the profile is automatically created for tests users

ENT-4776

The feature flag that should be set is not ENABLE_MILESTONES_APP but
MILESTONES_APP.

doc: ADR for date override

In the case where a server/course has both:

* YouTube deprecated (waffle flag: videos.deprecate_youtube = True)
* HLS enabled (ConfigModel: HLSPlaybackEnabledFlag, in video_config)

Prior to this commit, we would prefer the HLS source if one of the
HTML5 video sources specified a .m3u8 file. However it looks like this
file isn't always guaranteed to be produced.

This fix always prefers HTML5 video sources to YouTube if the server or
course is configured to deprecate YouTube, as long as at least one
non-YouTube source is found. TNL-8594.

Note that this may confuse users because we're essentially bypassing
their Studio-specified preferred primary source with a server-wide
setting.

* fix: remove django-ipware constraint

- Removed manage_user and manage_group commands and their unit tests from edx-platform and added then to edx-django-utils.
- Modified User.post_save signal to ensure the user profile is created when manage_user management command is run to create a user.
- Added edx-django-utils to INSTALLED_APPS for LMS and Studio.
- Moved generate_password from openedx.core.djangoapps.user_authn.utils to edx_django_utils.user along with its unit test.

REV-2133

chore: Update version of edx-name-affirmation library from 0.6.4 to 0.7.0.

This package includes a change that adds two key fields to the VerifiedNameHistoryView, verified_name_enabled and use_verified_name_for_certs.

MST-954 (https://openedx.atlassian.net/browse/MST-954)

MST-805. A signal should be emitted upon an IDV attempt being submitted or reviewed for consumption by other applications.

fix: add accent to e in resumé

Closes: REV-2214

refactor: send cert changed signal on_commit

Because we have ATOMIC_REQUESTS turned on, the COURSE_CERT_CHANGED
signal was being sent *before* the date override was committed to the
database. This means that the date override data sent to credentials on
CertificateDateOverride save() was always one commit behind.

Django provides an on_commit() function to allow us to perform actions
only after a transaction is completed successfully. I believe this
is when we want this signal to be sent.

This is an alternative to 1) disabling atomic transactions for a view
(honestly, I’m not sure which view we would target anyway), or 2)
passing more data down through the signal.

Toward MICROBA-1423

This also requires using different session cookie names in devstack for
LMS and Studio so that we can properly use the OAuth flow locally, rather
than just sharing a session cookie on the localhost domain. (Note that
ports are not used for cookie segmentation in browsers.)

This depends on the following provisioning PR:
https://github.com/edx/devstack/pull/825