As requested by the issue #14508 this adds an option in the application
settings to set newly registered users by default as external. The
default setting is set to false to stay backward compatible.

`avatar.present?` goes through CarrierWave, and checks that the file
exists on disk and checks its filesize. Because we're hitting the disk,
this adds extra overhead to something where the worst-case scenario is
rendering a broken image.

Instead, we now just check that the _database attribute_ is present,
which is good enough for our purposes.

See https://gitlab.com/gitlab-org/gitlab-ce/issues/19273

The issue was with the `User#groups` and `User#projects` associations
which goes through the `User#group_members` and `User#project_members`.

Initially I chose to use a secure approach by storing the requester's
user ID in `Member#created_by_id` instead of `Member#user_id` because I
was aware that there was a security risk since I didn't know the
codebase well enough.

Then during the review, we decided to change that and directly store the
requester's user ID into `Member#user_id` (for the sake of simplifying
the code I believe), meaning that every `group_members` / `project_members`
association would include the requesters by default...

My bad for not checking that all the `group_members` / `project_members`
associations and the ones that go through them (e.g. `Group#users` and
`Project#users`) were made safe with the `where(requested_at: nil)` /
`where(members: { requested_at: nil })` scopes.

Now they are all secure.
Signed-off-by: NRémy Coutable <remy@rymai.me>

- As todos are created/updated inside the TodoService
we repopulate the cache just there for both pending/done todos
- Todos as mark as done from the TodosController we update cache
there too
- All the added methods are kept in the User class for cohesion

This reverts commit 13e37a3e.

- Extract a duplicated `redirect_to`
- Fix a typo: "token", not "certificate"
- Have the "Expires at" datepicker be attached to a text field, not inline
- Have both private tokens and personal access tokens verified in a
  single "authenticate_from_private_token" method, both in the
  application and API. Move relevant logic to
  `User#find_by_personal_access_token`
- Remove unnecessary constants relating to API auth. We don't need a
  separate constant for personal access tokens since the param is the
  same as for private tokens.

Signed-off-by: NRémy Coutable <remy@rymai.me>

- To hold registrations from U2F devices, and to authenticate them.
- Previously, `User#two_factor_enabled` was aliased to the
  `otp_required_for_login` column on `users`.
- This commit changes things a bit:
    - `User#two_factor_enabled` is not a method anymore
    - `User#two_factor_enabled?` checks both the
      `otp_required_for_login` column, as well as `U2fRegistration`s
    - Change all instances of `User#two_factor_enabled` to
      `User#two_factor_enabled?`
- Add the `u2f` gem, and implement registration/authentication at the
  model level.

This reverts commit 3e991230.

# Conflicts:
#	app/models/project.rb

attr_encrypted (1.3.4 => 3.0.1) Changelog:
https://github.com/attr-encrypted/attr_encrypted/blob/master/CHANGELOG.m
d

attr_encrypted 2.x included a vulnerability, so that major version is
skipped. 3.x requires that the algorithm and mode used by each
encrypted attribute is specified explicitly.

`nil` is no longer a valid value for the encrypted_value_iv field, so
it’s changed to a randomly generated string.

Devise (3.5.4 => 4.1.1) Changelog:
https://github.com/plataformatec/devise/blob/master/CHANGELOG.md

devise-two-factor (2.0.1 => 3.0.0) Changelog:
https://github.com/tinfoil/devise-two-factor/blob/master/CHANGELOG.md

These are reliant on each other, so they have to be upgraded together.

devise-async is no longer necessary as Devise 4.1 fixes a bug with the
ActiveJob integration.

This reverts merge request !3647

These methods seems to be unused.
Signed-off-by: NRémy Coutable <remy@rymai.me>