* New system_wide_roles app added in openedx/core/djangoapps
* Added SystemWideRole and SystemWideRoleAssignment classes to govern
  non-enterprise system wide roles

PROD-424

These were originally fixed individually, but had to be reverted, and
are now combined in one commit.  The originals were:

7b9040f6 This enum was backwards
8774ff1f Use ref_name to disambiguate serializers that drf-yasg would otherwise assume are the same.
8a443971 Is this field missing because it is None?
4a1154a7 Give a safer buffer for clearing the rate limiting
64c47856 DRF 3.7.4 changed how you delegate to another view, so don't
7359ca4f Is this right? It fixes two tests
fdd66e53 Adjust the expected error message for DRF 3.7.7
9257f68f The default TIME_ZONE should be UTC

* Install drf-yasg

* Add drf-yasg settings and urls

* Pin drf to make drf-yasg work

* Adjust config-models version to be compatible

* Remove django-rest-swagger (the old way)

Some deprecated functionality has been removed:

- Reading data field and transforms being applied in the init() method.
- The source field.
- The source_visible attribute.

In production, we use UTC as the time zone.  DRF 3.7.7 now puts all
times in the currently set timezone where it used to use UTC.  By
setting TIME_ZONE to UTC, we keep the same results we used to get.

In a few places, we had to change the expected test results to be UTC.

added migration

Adding simple history to track grade changes. Educator-4347
Adding migration file

Adding simple history to track grade changes. Educator-4347
Adding migration file

Adding simple history to track grade changes. Educator-4347
Adding migration file

Re-adding lms.djangoapps reference to see if it will fix the build issues

Re-adding lms.djangoapps reference to see if it will fix the build issues

Grades: SGF.update
...
Cannot grade student 2 in course course-v1:...  because of exception: 'Settings' object has no attribute 'GENERATE_PROFILE_SCORES'

(cherry picked from commit e0ae8f49a64c3148d446d7e535eca26016dd17d1)

Moving rbac settings above plugins

Moving the setting above plugins in common.py for the lms and cms as well

Adding logic that adds roles to jwt

Quality fixes

Removing the Deprecated the 'external_auth' package in favor of 'third_party_auth' which is the current recommendation.

This adds middleware that will create custom parameter metrics in
New Relic to track the size of all the cookies being received for
our domain. The custom fields are "cookies_total_size" and a
separate named parameter for every cookie size, e.g.
"cookies.csrftoken.size".

This is intended to help us track cookie growth and better diagnose
issues where users lose their sessions. It is toggled by the
'request_utils.capture_cookie_sizes' Waffle Flag.

Update deprecated pygeoip
to geoip2 and all usages
of it

Learner-6238

I missed the LMS production settings, and Studio in its entirety.

Currently, the LMS logout endpoint should iframe in the logout pages of
all the IDAs you were logged into. In short, this was made possible with
DOP because keeping track of the logout URIs and leaving a trail of
evidence in the user cookies was part of what we added in our fork of
DOP.  In the case of DOT, we don't have time or desire to fork DOT to
mirror this behavior, so our stop-gap solution is to log out the user
from a list of logout URIs in settings.

This is a feature that has been deprecated and can be safely removed.

DEPR-7