This PR adds the allocations to the instrumentation for template and
partial rendering.

Before:

```
  Rendering posts/new.html.erb within layouts/application
  Rendered posts/_form.html.erb (9.7ms)
  Rendered posts/new.html.erb within layouts/application (10.9ms)
Completed 200 OK in 902ms (Views: 890.8ms | ActiveRecord: 0.8ms)
```

After:

```
  Rendering posts/new.html.erb within layouts/application
  Rendered posts/_form.html.erb (Duration: 7.1ms | Allocations: 6004)
  Rendered posts/new.html.erb within layouts/application (Duration: 8.3ms | Allocations: 6654)
Completed 200 OK in 858ms (Views: 848.4ms | ActiveRecord: 0.4ms | Allocations: 1539564)
```

The url_for method is now extracting the path_only option in order to determine if polymorphic_path or polymorphic_url should be called.

If the path_only option is not set it will be set to true unless the host option is set. This behaviour is the same as when a Hash or Params object is passed.

To support this unifying the code responsible for setting this default value has been extracted into a private method

make actionview templates marshalable so that they can be serialized during the parallel tests (#34030)

Since Rails 6.0 will support Ruby 2.4.1 or higher
`# frozen_string_literal: true` magic comment is enough to make string object frozen.
This magic comment is enabled by `Style/FrozenStringLiteralComment` cop.

* Exclude these files not to auto correct false positive `Regexp#freeze`
 - 'actionpack/lib/action_dispatch/journey/router/utils.rb'
 - 'activerecord/lib/active_record/connection_adapters/sqlite3_adapter.rb'

It has been fixed by https://github.com/rubocop-hq/rubocop/pull/6333
Once the newer version of RuboCop released and available at Code Climate these exclude entries should be removed.

* Replace `String#freeze` with `String#-@` manually if explicit frozen string objects are required

 - 'actionpack/test/controller/test_case_test.rb'
 - 'activemodel/test/cases/type/string_test.rb'
 - 'activesupport/lib/active_support/core_ext/string/strip.rb'
 - 'activesupport/test/core_ext/string_ext_test.rb'
 - 'railties/test/generators/actions_test.rb'

Fixes #29473.

This commit removes a deprecated catch-all route in the AV tests.  It
defines and includes the necessary routes for each test such that we
don't need the catch-all anymore.

This also helps push us toward #33970

In Ruby 2.3 or later, `String#+@` is available and `+@` is faster than `dup`.

```ruby
# frozen_string_literal: true

require "bundler/inline"

gemfile(true) do
  source "https://rubygems.org"

  gem "benchmark-ips"
end

Benchmark.ips do |x|
  x.report('+@') { +"" }
  x.report('dup') { "".dup }
  x.compare!
end
```

```
$ ruby -v benchmark.rb
ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux]
Warming up --------------------------------------
                  +@   282.289k i/100ms
                 dup   187.638k i/100ms
Calculating -------------------------------------
                  +@      6.775M (± 3.6%) i/s -     33.875M in   5.006253s
                 dup      3.320M (± 2.2%) i/s -     16.700M in   5.032125s

Comparison:
                  +@:  6775299.3 i/s
                 dup:  3320400.7 i/s - 2.04x  slower

```

This brings `escape_javascript` in line with the behavior of `json_escape` and
allows other value types to be output without needing explicit casting in the
view template.

Example:

    <%= javascript_tag do %>
      var locale = '<%== j I18n.locale %>'; // locale is a symbol
    <% end %>

When no dependencies are present to be digested there is no reason to build an array just to turn around and turn it back into a string.

The dependencies array is not mutated in this method so we can use the same empty array across all invocations.

Total allocated: 791402 bytes (7294 objects)
Total allocated: 777442 bytes (7132 objects)

(791402 - 777442) / 791402.0 # => 1.76 % speed improvement

To prevent style check in review like https://github.com/rails/rails/pull/33608#discussion_r211087605.

Test that using private methods in `options_from_collection_for_select`
is deprecated.

Make the unused `secret` paramether in the `Post` Struct private to use
it in the test.

Use attr_reader/attr_writer instead of methods

method is 12% slower

Use flat_map over map.flatten(1)

flatten is 66% slower

Use hash[]= instead of hash.merge! with single arguments

merge! is 166% slower

See https://github.com/rails/rails/pull/32337 for more conversation

Special form_with attributes `skip_default_ids` and `allow_method_names_outside_object`
attributes are leaking into html attributes of option select tag helpers.

`button_to` was throwing exception when invoked with `params` hash that
contains symbol and string keys. The reason for the exception was that
`to_form_params` was comparing the given symbol and string keys.

The issue is fixed by turning all keys to strings inside
`to_form_params` before comparing them.

names. Lambda should be passed to use this option. Example:

    date_select('user_birthday', '', start_year: 1998, end_year: 2000, year_format: ->year { "Heisei #{year - 1988}" })

The HTML produced:

    <select id="user_birthday__1i" name="user_birthday[(1i)]">
    <option value="1998">Heisei 10</option>
    <option value="1999">Heisei 11</option>
    <option value="2000">Heisei 12</option>
    </select>
    /* The rest is omitted */

Because the same method is defined in `FormWithTest` of the parent class.
https://github.com/rails/rails/blob/fe9547b6fb60d92af181c8613166fa4322f8e307/actionview/test/template/form_helper/form_with_test.rb#L19..L26

Follow up of #32605.

This autocorrects the violations after adding a custom cop in
3305c78dcd.

* Since #18411, we started to inform about extracted gem (record_tag_helper)
  to developers who use `ActionView::Helpers::RecordTagHelper` 's methods.

* Currently, it seems no problem that we don't have to support no longer.

`</ps>` is not a valid closing tag for `<p>`.

Running HTML responses through `DOMParser#parseFromString` results in
complete `HTMLDocument` instances with unnecessary surrounding tags.

For example:

    new DOMParser().parseFromString('<p>hello</p>', 'text/html')

Will output:

    <html>
      <head></head>
      <body>
        <p>hello</p>
      </body>
    </html>

This is passed to the `ajax:success` handler as `event.detail[0]`
(`data`), but cannot be used directly without first traversing the
document.

To resolve this, only XML content is passed through `parseFromString`,
while HTML content is treated as plain-text.

This matches the behavior of jquery-ujs, which relied on jQuery's
response-type inference.

Related to https://github.com/rails/rails/commit/d4eb0dc89ee6b476e2e10869dc282a96f956c6c7#r27830891

On my local environment execution of `cd actionview/ && bin/test` raises error:

```
(snip)
rails/actionview/test/template/render_test.rb:6:in `<top (required)>': superclass mismatch for class TestController (TypeError)
```

In some test files `TestController` inherited from `ActionController::Base`,
but in `test/actionpack/controller/render_test.rb` file `TestController`
inherited from `ApplicationController`.
This produces error `superclass mismatch for class TestController (TypeError)`

Step to reproduce this on any environment:
`cd actionview/ && bin/test test/template/streaming_render_test.rb test/actionpack/controller/render_test.rb`

With the disabling of TLS 1.0 by most major websites, continuing to run
IE8 or lower becomes increasingly difficult so default to not enforcing
UTF-8 encoding as it's not relevant to other browsers.

Currently submit_tag value translation does not support i18n key style
locale key.
It confuses me a bit because many other components support i18n key
style locale key.
I added i18n key style locale key support to submit tag.

Because the UJS library creates a script tag to process responses it
normally requires the script-src attribute of the content security
policy to include 'unsafe-inline'.

To work around this we generate a per-request nonce value that is
embedded in a meta tag in a similar fashion to how CSRF protection
embeds its token in a meta tag. The UJS library can then read the
nonce value and set it on the dynamically generated script tag to
enable it to execute without needing 'unsafe-inline' enabled.

Nonce generation isn't 100% safe - if your script tag is including
user generated content in someway then it may be possible to exploit
an XSS vulnerability which can take advantage of the nonce. It is
however an improvement on a blanket permission for inline scripts.

It is also possible to use the nonce within your own script tags by
using `nonce: true` to set the nonce value on the tag, e.g

    <%= javascript_tag nonce: true do %>
      alert('Hello, World!');
    <% end %>

Fixes #31689.

Skipping over 2.4.0 to sidestep the `"symbol_from_string".to_sym.dup` bug.

References #32028

* Global ignores at toplevel .gitignore
* Component-specific ignores in each toplevel directory
* Remove `actionview/test/tmp/.keep` for JRuby

```
rm actionview/test/tmp/ -fr
cd actionview/
bundle exec jruby -Itest test/template/digestor_test.rb
```

Related to #11743, #30392.

Closes #29978.