strftime is deprecated and will be removed in PHP 9. SSP 2.0 is our
chance to change this format as it's exposed to installers of SSP.

The approch is to keep it simple and just change the format to PHP's
built in date() function which remains supported. Also we do not try
to localize the logging date/timestamps anymore. This matches the syslog
approach that this format tried to mimic. We are using the day without
leading zeroes now also to be a bit closer to how syslog does it.

We remove the functionality to see all auth sources and to test them
publically. Testing the auth sources can be done inside the admin
module.

Added is a configuration option that allows the administrator to specfy
another place to redirect to for people who land on the front page.

Now also considers any attributes.po in the configured theme, if any.
Makes the attributes.extradictionary config setting obsolete.

We could use it everywhere, but it's better to reduce the already big
amount of configuration options the admin is confronted with than the
small problem this option solves.

Additionally allows generating a password on current gen Macbook.

Before:
LC_CTYPE=C tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=32 count=1 2>/dev/null;echo
tr: Illegal byte sequence

After:
LC_ALL=C tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=32 count=1 2>/dev/null;echo
nhq2bu42k0iox5svm9rnmmon3oc2i55g

* Migrate email utils to non-static

* Migrate http utils to non-static

* Migrate net utils to non-static

* Migrate random utils to non-static

* Migrate system utils to non-static

* Migrate time utils to non-static

* Migrate xml utils to non-static

* Upgrade notes

* Update test-framework

* Fix tests

There's little to no added value for UTF-8 in this file, while some
editors do cause trouble when editing those files (e.g. adding BOM
on Windows). This just avoids that hassle where we can.

Closes: #1432

We have removed the option to add enable/disable/default-enable/default-disable files, so this is no longer an override

The previous situation was confusing with various contradicting
(staments of) defaults, mixed with old style and new style
configuration.

Simplify by deciding that having backtraces is so
useful that it is the defaut, both old and new style configurations.
(It was already default on in the config template,
which seems 'canonical'.)

Follow the suggestions of [draft-knodel-terminology-00](https://tools.ietf.org/id/draft-knodel-terminology-00.html)
and other language frameworks and replace the notion of master/slave
with a more neutral primary/secondary.

They seem to cause trouble, also inconsistent behaviour between versions of the memcached extension.

This was available for the memcache extension, but when we moved to memcached it went away since the API is different and required changes. The issue with persitence in memcached is that persistent connections require a common identifier, which shouldn't be fixed. Therefore, we need to change a bit the way the memcache servers are configured in config.php as well.

* Remove deprecated classes

* Remove support for certificate fingerprints

* Remove many deprecated methods and pieces of code

* Remove SAML1.1/Shib1.3 support

* Remove many superfluous annotations

* Update unit test to work with new PHPunit

Closes #1268 
Closes #1020 
Closes #431 
Closes #167 
Closes #151 

Different from the other options, setting it to null does not use
a default but throws an error if you enable metadata signing, so
enabling metadata signing in the default config will throw an
exception. Better to just leave it out, the option is documented
but should not be necessary for most installs, so needs not be
in the template.

Add support for RFC6265bis SameSite cookie attribute