this means the reader doesn't need to lock, but does have the added cost
of a new object created for every controller

The controller class is shared among threads, so we need to lock when
allocating the Renderer.

AC::Parameters does not inherit from HashWithIndifferentAccess
since #20868 by @sikachu

everything above metal really doesn't care about setting the content
type, so lets rearrange these methods to be in metal.

_set_content_type only does something when there is a request object,
otherwise the return value of _get_content_type is always ignored. This
commit moves everything to the module that has access to the request
object so we'll never to_s unless there is a reason

in the future I would like to make the header hash read only (or at
least remove guarantees that mutations will do anything).

typo "description not clear corrected with proper description and action_controller_overview file Rails' ->  Rails" [ci skip]

References #19565.

* A string in the example lacked quotes.

* The tests asserted stuff about :last_name, whereas
  test params do not have that key.

* But, the first one passed, why? After hitting my head against
  the wall and doing some obscure rituals realized the new
  #require had an important typo, wanted to iterate over the
  array argument (key), but it ran over its own hash keys
  (method #keys).

* Modified the test to prevent the same typo to happen again.

* The second test assigned to an unused variable safe_params
  that has been therefore removed.

* Grammar of the second test description.

* Since I was on it, reworded both test descriptions.

This PR adds ability to accept arrays which allows you to require multiple values in one method. so instead of this:

```ruby
params.require(:person).require(:first_name)
params.require(:person).require(:last_name)
```

Here it will be one line for each params, so say if I require 10params, it will be 10lines of repeated code which is not dry. So I have added new method which does this in one line:

```ruby
params.require(:person).require([:first_name, :last_name])
```

Comments welcome

This reverts commit cae2b5bb.

I am an idiot.

Apparently the AbstractController (whatever "abstract" means) is
expected to work without a request and response.

`render` is the only possible source for the `plain` option.  Pulling
the conditional up to the `render` method removes far away conditionals

We don't need to pass the full hash just to pull one value out.  It's
better to just pass the value that the method needs to know about so
that we can abstract it away from "options"

Since all controller instances are required to have a request and
response object, RackDelegation is no longer needed (we always have to
delegate to the response)

the subclass sets the body on the response object, so we don't need the
superclass doing it too

Now that `Controller#status=` just delegates to the response object,
we don't need to set the response on the controller and the response.
We can just set it in one place.

we always have a response object, so there is no reason to test it

Controllers should always have a request and response when responding.
Since we make this The Rule(tm), then controllers don't need to be
somewhere in limbo between "asking a response object for a rack
response" or "I, myself contain a rack response".  This duality leads to
conditionals spread through the codebase that we can delete:

  * https://github.com/rails/rails/blob/85a78d9358aa728298cd020cdc842b55c16f9549/actionpack/lib/action_controller/metal.rb#L221-L223

we don't need an instance to figure out what type of response to
allocate.  Later we'll pull this up the stack and pass the response
object down

May be missed in 5fe14163 commit
Also fixes the broken build

people should be accessing request information through the request
object, not via the env hash.  If they really really want at the env
hash, then they can get it off the request.

The cookie jar can just ask the request object for the information it
needs.  This allows us to stop allocating hashes for options, and also
allows us to delay calculating values in advance.  Generating the
options hash forced us to calculate values that we may never have needed
at runtime

Accessing a request object has nice advantages over accessing a hash.
If you use a missing method name, you'll get an exception rather than a
`nil` (is one nice feature)

The request.script_name is dup-d which allocates an extra string. It is most commonly an empty string "". We can save a ton of string allocations by checking first if the string is empty, if so we can use a frozen empty string instead of duplicating an empty string.

This change buys us 35,714 bytes of memory and 893 fewer objects per request.