It can be used for API access when
session is not available

Updates notes in real time using websockets instead of polling

This feature was part of the REID SEG and never
shipped.

The code removed was originally put in place to prepare
the next steps, which never happened.

This fixes all non-test file offenses

Our specs use static passwords, many of them are weak. This makes it
difficult to create changes which introduce password complexity
constraints.

This MR updates a small number of instances where we set weak or
hardcoded passwords, to use randomly generated passwords.

https://gitlab.com/gitlab-org/gitlab/-/issues/360030

The awareness channel allows clients to subscribe to
changes in an Awareness session via a Websocket
connection. It also enables clients to report back any
activity (touch) from their side, and request updates
to the current state of the awareness session.

Encrypt all new passwords with PBKDF2 with SHA512 and migrate from
BCrypt to each time the user's password is compared. Feature is
behind a default-disabled feature flag for now.

Changelog: added

This will allow us to impose stricter rate limits for general API
traffic, without affecting interactive API requests made by the
frontend during normal GitLab usage.

The frontend requests are identified by the inclusion of a CSRF token
in the headers.

Other rate limits that only affect a subset of API requests (e.g. the
Files and Packages APIs, or protected paths) still take precedence,
i.e. requests for these paths will always be matched even if they
include a CSRF token.

Changelog: changed

This reverts merge request
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78082 because of a
production incident.

Changelog: other

This will allow us to impose stricter rate limits for general API
traffic, without affecting interactive API requests made by the
frontend during normal GitLab usage.

The frontend requests are identified by the inclusion of a CSRF token
in the headers.

Other rate limits that only affect a subset of API requests (e.g. the
Files and Packages APIs, or protected paths) still take precedence,
i.e. requests for these paths will always be matched even if they
include a CSRF token.

Changelog: changed

This will allow us to impose stricter rate limits for general API
traffic, without affecting interactive API requests made by the
frontend during normal GitLab usage.

The frontend requests are identified by the inclusion of a CSRF token
in the headers.

Other rate limits that only affect a subset of API requests (e.g. the
Files and Packages APIs, or protected paths) are affected by this too,
i.e. requests for these paths with a CSRF token will always be counted
as web traffic, if the web rate limit is enabled.

Changelog: changed

- Remove shared example redis sessions store
- We are using single instance in CI

This is no longer needed since we moved to GraphQL subscriptions for
this feature

We can skip the session retrieval and just set current_user to nil when
the session cookie is blank

The plan for RSpec 4.0 is to disable monkey patching:
https://rspec.info/blog/2013/07/the-plan-for-rspec-3/#zero-monkey-patching-mode

This commit stops using RSpec monkey patching:
https://relishapp.com/rspec/rspec-core/docs/configuration/zero-monkey-patching-mode

Upgrades lograge to support ActionCable and then overrides
notification_payload to log extra information

This allows us to update the issue sidebar in real-time