Support mysql2 0.4.x and 0.5.x

Fix digesting templates with mixed formats

If an explicit AWS key pair and/or region is not provided in
config/storage.yml, attempt to use environment variables, shared
credentials, or IAM role credentials. Order of precedence is
determined by the AWS SDK[1].

[1]: https://docs.aws.amazon.com/sdk-for-ruby/v3/developer-guide/setup-config.html

Backport #32283

Move CSP info from 5.2 release notes to guide [ci skip]

cherry-pick 8647ac0b

This test fails in specific time.
Example:

If run this test on the machine with time 01:00 am UTC+2,
this test will fail.
Changing representing of 2000-01-01 01:00 am UTC+2 to UTC+0 change
the day, month and even year in our case,
so substitution `"2000-01-01 "` to `""` isn't possible.

```
Failure:
ActiveRecord::ConnectionAdapters::QuotingTest#test_quoted_time_utc
Expected: "1999-12-31 23:01:27"
  Actual: "23:01:27"
```

Related to 7c479cbf

Fix "Ruby on Rails 5.2 Release Notes" [ci skip]

References #32279

* Check exclude before flagging cookies as secure.

* Update comments in ActionDispatch::SSL.

[Catherine Khuu + Rafael Mendonça França]

Time column improvements

Don't marshal ActiveSupport::Cache::Entry objects twice

Fixes #32248.

Update "Ruby on Rails 5.2 Release Notes" Guide [ci skip]

Since `Redis#call` duck types as a Proc, we'd call `#call` on it,
thinking it's a Proc. Fixed by check for the Proc explicitly instead of
duck typing on `#call`.

Closes #32233

Follow up of 309bb6c4

The Active Storage service for Azure Storage has an option called `path`
that is ambiguous in meaning. It needs to be set to the primary blob
storage endpoint but that can be determined from the blobs client anyway.

To simplify the configuration this commit removes the `path` option and
gets the endpoint from the blobs client instead.

Closes #32225.

Closes #32219.

Fix 5-2-stable's changelogs [ci skip]

- Add missing dots.
- Change example of using `content_security_policy_report_only`
  in controller.
- Remove TODO.

Related to #32222

* Remove reference to Globalize::Backend::Static as this class no longer exists.
* Remove reference to google group
* Remove confusing reference to Globalize3
* Add section on translating stored content

[ci skip]

If the app has the CSP disabled globally allow a controller action
to enable the policy for that request.

e.g:

    class LegacyPagesController < ApplicationController
      content_security_policy false, only: :index
    end

We use inline style and script for the view held inside Rails like
welcome page and mailer preview.
Therefore, if inline is prohibited by CSP, they will not work properly.
I think that this is not as expected. 　

For that reason, I have made it possible to use inline style and script
regardless of application settings.

[ci skip]

(cherry picked from commit 22777c80)

Express `ActionDispatch::Routing::UrlFor#route_for` as public api

(cherry picked from commit e764336e)

This is an alternate implementation of #31698. That PR makes assumptions
that I do not want in the code base. We can fix the performance
regression with a much simpler patch.

This reverts commit a19e91f0.

Use authenticated cookie options to disable embedding of the expiry information in the cookies

We were generating the cookie value with the expiry information embedded what
makes the value impossible to be read by a Rails 5.1 application.

This option is only useful if you need to share your cookies between
a Rails 5.1 and a Rails 5.2 application, or if you are still validating
the deploy and wants to eventually rollback.

mutool is licensed under the Affero GPL, which has strict distribution requirements.

Poppler is licensed under the more liberal GPL, making it a good alternative for those who can't use mutool.