Time-based one-time password (TOTP) codes are only valid for a short period
of time. In addition they are meant to be single-use to make them more
resistant against phishing and eavesdropping (e.g. keyloggers). Prior to this
change uffd did not keep track of used codes and thus did not prevent code
reuse.

- Fix apt package build on Bookworm
- Adapt babel.cfg to jinja 3.x.x and break compatability with older versions

- Add CI tests for Bookworm
- Disable pylint deprecation warnings for crypt
- Mitigate Flask changes that broke a few tests
- Set create_constraint=True for Booleans/Enums to mitigate SQLAlchemy changes
- Mitigate new Alembic CHECK constraint behaviour in batch mode

Recent setuptools releases refuse to build packages with invalid version
strings. So instead of using the bare commit hash as the version, we now
build proper version strings like X.Y.Z.dev-git.COMMIT for CI development
builds and X.Y.Z for release builds (same as before).

Alembic runs migration scripts on SQLite and MariaDB in auto-commit mode, so
inserting many rows with individual insert statements is extremely slow.

This setting is more flexible than the existing REMAILER_LIMIT_TO_USERS config
option. The config option is therefore deprecated and will be removed in the
next major version.

Turns check_migrations.py into a normal test case. Speeds up pipeline by
making html5validator use the artifacts from tests:buster:sqlite instead of
running the tests on its own.

Uffd now requires that MariaDB databases have utf8mb4 charset and
utf8mb4_nopad_bin collation. The collation was chosen for consistency with
SQLite's BINARY collation.

Previously Unix UIDs/GIDs were allocated by using the highest used ID + 1.
This caused ID reuse when the newest user/group was deleted. In addition, the
implementation did not work on MariaDB (at all, it was not possible to create
users/groups).

The new approach accounts for all IDs ever used regardless of whether or not
users/groups are deleted. It always allocates the lowest ID in the configured
range that was never used.

Aside from the different allocation algorithm, this change introduces a
generic locking mechanism and prerequisites for testing migration scripts.

Enforces uniqueness of (verified) email addresses across all users. Email
addresses are compared case-insensitivly and Unicode-normalized. The new
unique constraints are disabled by default and can be enabled with a CLI
command. They are planned to become mandatory in uffd v3.

A lot of software does not allow multiple users to share the same email
address. This change prevents problems with such software.

To enable this feature run the command:

  uffd-admin unique-email-addresses enable

The commands reports any issues (e.g. existing duplicate addresses) that
prevent enabling the feature.

This change also introduces a generic mechanism to store feature flags in the
database and improves error handling for login name constraint violations.

0bd26ee8 added __init__.py files to the tests subdirectory. This had two
unwanted side-effects:

1. setuptools.find_packages() recognised the tests as a package, so they were
   included in the pip and Debian packages.
2. The Debian package build process with dh_python automatically runs tests
   with unittest. Unittest's test discovery (in contrast to pytest) only works
   if __init__.py files exist, so this step did not do anything in the past.
   Now, failing tests caused the whole CI pipeline to fail very early without
   the helpful information provided by later stages.

This change disables running any tests during the Debian package build. It also
explicitly sets the package list to "uffd".

Restructure tests into views/models/commands subdirectories to mirror the new
source tree structure introduced with ac731bf4 (Restructure source tree).

Deprecates old case-sensitive format. Some software out there stores email
addresses converted to lower case, breaking v1 remailer addresses. The new
format is case-insensitive and generally more robust.

Uffd continues to use and support the v1 format for services setup before
this change. Support for the old format is planned to be remove in uffd v3.
It is possbile to gradually migrate services to the new format with a service
setting in the admin interface.

Also fixes compatability issue with very recent SQLAlchemy versions introduced
by b391e176 (whens parameter of case function).

Also fixes a minor email-related bug in the admin interface and bad
texts/translations in the selfservice UI.

Access control is done via normal api credentials.
See README.md for details.
Adds an optional dependency on python3-prometheus-client.

Preperation for future features that require per-service user settings
or state, e.g. stateful sync or service-specific email settings.

The additional JOIN of ServiceUser degrades getusers API performance
by 30-50%. For API calls that return many users, this is compensated by
an otherwise unrelated optimization (selectinload instead of joinedload).

Convert DateTime fields to UTC, use "utcnow" instead of "now" and use
babel helper/filter when dates/times are displayed or parsed from user
input.

Uffd continues to use the system's timezone in the user interface by
default.  However, it is now possible to overwrite this with the
BABEL_DEFAULT_TIMEZONE config option.

Unittest jobs now fail if any test fails. Unittests on Bullseye no longer
fail due to jinja2 import errors. Linter jobs run faster.

Move all models, views, cli commands and templates into corresponding
top-level folders. Detailed changes:

- uffd/<NAME>/models.py -> uffd/models/<NAME>.py
- uffd/<NAME>/cli.py -> uffd/commands/<NAME>.py
- uffd/<NAME>/views.py -> uffd/views/<NAME>.py
- uffd/<NAME>/templates/* -> uffd/templates/
- uffd/ratelimit.py -> uffd/models/ratelimit.py (it contains models)
- gendevcert from uffd/__init__.py -> uffd/commands/gendevcert.py
- profile from uffd/__init__.py -> uffd/commands/profile.py
- cleanup from uffd/tasks.py -> uffd/commands/cleanup.py
- roles-update-all from uffd/role/views.py -> uffd/commands/...
- Views from uffd/__init__.py -> uffd/views/__init__.py
- All models can/should be imported from uffd.models
- flask shell auto-imports all models instead of only a few

The old structure was meant to keep the code modular and related
code/resources close to each other. However, the modules turned out to
be heavily interdependent and not very modular. Also importing was fragile
due to ordering issues.

With the new structure the dependency tree is much simpler: Infrastructure
code (top-level *.py files) has no internal dependencies. Models only
depend on infrastructure and other models. Views and cli commands depend
on infrastructure, models and other views/commands.

Going forward there is still some restructuring to do, e.g.:

- Move mfa setup views to selfservice views
- Move mfa auth views to session views
- Move utility code from views to infrastructure (e.g. login_required)
- In most cases views should not need to import from other views
- Reorganize infrastructure code

With this feature, uffd can be configured to hide mail addresses of users
from certain services while still allowing the services to send mails to the
users.

To these services uffd returns special remailer addresses instead of the real
mail addresses. When a service sends an email to a remailer address the mail
server queries uffd's API and replaces the remailer address with the real mail
address in both envelope and headers.

This feature requires additional mail server configuration (Postfix
canonical_maps) and support in uffd-socketmapd.

When the "new invite" page was submitted with e.g. an invalid "Valid Until"
value, uffd displayed an error and reset the whole form. This was confusing
to users.

Now the form content is preserved on errors. Also the "Valid Until" field now
has min/max attributes to prevent submitting the form with invalid values.

Fixes #134