TaintedString in Shared has never been released as Yvo pointed out to me, so there's no need for deprecation

the 'extra' argument of the publish method is no longer supported
(I hope nobody did use it - let's see if someone complains about this BBB foul)

Removed deprecated support for specifying ``__ac_permissions__``, ``meta_types`` and ``methods`` in a product's ``__init__``.

Get rid of some more testing dependencies in AccessControl by moving integration tests into higher level packages

- Full test coverage for ZPublisher.WSGIPublisher.

- Add 'add_user' script and finder help, borrowed from 'repoze.zope2'.

- Add call to 'setDefaultSkin(request)' to fix view lookups.

- Override the 'write' method in 'WSGIHTTPReponse' to avoid inappropriate
  stringification, allowing things like the Plone resource registry to work
  properly.

- Defer closing the request until the transaction commits, if and only if
  we know that middleware is handling the transaction.

- Make the WSGI publish function deal with three special cases:
  
  - App returns a file-like object as the response body (keep the app from
    stringifying it).
  
  - App raises an Unauthorized exception (just set the response status, to
    let middleware handle issuing a challenge).
  
  - App raises a Redirect exception (just call redirect on the response).

- Adapt test code to the new signature of 'HTTPResponse._cookie_list',
  which now returns a list of two-tuples, rather than rendered strings.

- Get quickstart page rendering under plain paste config.

- Make WSGIResponse.__str__ raise and exception, preventing an
  'attractive nuisance.'

  The real logic is in finalize and listHeaders now, and the publish*
  functions call those directly.

- Move finalization logic out of HTTPResponse.listHeaders.

- Refactor WSGIHTTPResponse to avoid the need to use str() and parse.
  
  o Instead, compute status and headers directly.
  
- Chop out error and transaction handling from the 'publish*' functions:
  the point of doing WSGI is to move that stuff out of the application,
  and out into middleware.
  
- One backward incompatibility:  the special "shutdown" behavior is gone
  here.  It should be replaced by something in view code.

- Factor out computation of the list of response headers from stringifying
  them, allowing WSGIHTTPResponse do reuse them as tuples.

- Chop out copy-and-paste fossils irrelevant to WSGI publication.

- Replace contorted logic for case-normalizing response headers with
  idiomatic Python.

- More PEP8 conformance.