-Updated middleware setting to use use middleware insted of
middleware_classes
-github install of django-method-override fork to support
new style middleware in django1.11

These settings are used to toggle new authentication class in discussion and bookmarks app. The auth class is in openedx/core/lib/api/authentication.py and was added to replace deprecated OAuth2Authentication class in [rest_framework_oauth library](https://github.com/jpadilla/django-rest-framework-oauth)

Logout link should be displayed only for learner portal

Added changed to display only for learner portal
Added unit tests

check third_party_auth is enabled

Changes to extend SSO logout link feature to Oauth providers

Fixed quality violations

Removed unncessary assert

Reviewer feedback changes

[TNL-7043] If vertical block content is in an iframe in the learning microfrontend app, add a base tag in the head (of the iframe document) to force links to navigate the parent window.

Updating the django-rate-limit requirement.
updated the django-ratelimit to use unreleased version that supports Django 2.2

PROD-1178

Read STATICFILES_STORAGE_KWARGS from config to allow separate storage configuration for static assets

This will remove imports from __future__ that are no longer needed.

https://docs.python.org/3.5/library/2to3.html#2to3fixer-future

Implementation details:
* Anonymous users are assigned a unique ID (like 
  `anon42c08f9996194e2a9339`) which gets stored in the django session.
  `block.scope_ids.user_id` and `block.runtime.anonymous_student_id`
  will both return this value.
* User state for anonymous users is stored in the django cache and
  automatically expires as the cache gets pruned. Because user state is
  stored, anonymous users can use interactive blocks like capa problems.
* There is no mechanism for upgrading to a registered account and
  keeping user state since the user state store for anonymous users
  (EphemeralKeyValueStore) is completely different than the one for
  registered users (DjangoKeyValueStore/"CSM"), and has no "list all
  keys" functionality.
* "User State Summary" field values are shared among [recently active]
  anonymous users but are not shared with registered users.
* Anonymous users can only access the `public_view` of XBlocks, not the
  regular `student_view`.

Ensure that certificate is not generated if a learner enrolled in
audit mode is whitelisted

PROD-978

The mako engine isn't able to find themed templates in devstack because
the path it checks is set before we enable comprehensive theming. This
Adds a settings section to  comment out if you want to enable
theming in devstack.

Add an LMS feature flag to enable courseware search for course staff
only. TNL-6931

This completes the work started in https://github.com/edx/edx-platform/pull/19453
to use the LMS login and registration for Studio, rather than Studio
providing its own implementation.

LMS login/registration are being used for the following reasons:
1. LMS logistration properly handles all SSO integrations.
2. A single logistration is simpler to maintain and understand.
3. Allows Studio to work more like all other IDAs that use LMS
logistration.

The original switch to use LMS logistration for Studio also added the
toggle `DISABLE_STUDIO_SSO_OVER_LMS` to provide the community some
additional time for switching. This commit removes this toggle, which
at this point means all deployments will use the LMS logistration.

This change requires sharing cookies across LMS and Studio. Should that
prove to be a problem for certain Open edX instances, there are
discussions of possible alternative solutions.
See https://github.com/edx/edx-platform/pull/19845#issuecomment-55915425...

EnterpriseMiddleware set value of user's enterprise customer in session. In order to get value of enterprise customer it calls `enterprise/api/v1/enterprise-learner` API. Sometimes this middleware is called many times which result in many call to the under lying API and throttling of API causes 429 http errors.
We are not removing that middleware and storing value of user's enterprise customer in session inside underlying method.
ENT-1849

Removed pdb statement

This patch would make financial
assistance form help message to be
consistent with implementation. Using
characters limit instead of word limit.

PROD-733

- Upgrade edx-drf-extensions to 2.4.5
- Removed constraint to 2.4.0, because 2.4.2 introduces a workaround for
ARCH-1210 by putting the problematic code behind a django setting.
- Remove unused JWT_AUTH_REFRESH_COOKIE setting.

ARCH-418, ARCH-1269, ARCH-1044

fix broken toggle

student: Explicitly Set fields to unicode to avoid migration

We need to do this because when I tride to go to the JSON serializer a
bunch of tests started failing because various parts of our code are
putting things into the session that are not JSON serializable.

We can't keep using the default pickle serializer because it defaluts to
using the highest available protocol and that will cause issues with the
python 2 to 3 upgrade since both will be running in production at the
same time.  We need to use a version of the pickle protocol that both
can use interchangably.

We also need to make sure we read with latin1 encoding to make datetimes
work correctly between the two versions of python.