1.6.X is current stable series of Go.

https://golang.org/doc/go1.6
https://golang.org/doc/devel/release.html#go1.6

So switch helloweb and default golang to it.

/reviewed-by TrustMe  (tested on helloworld)

From https://golang.org/doc/devel/release.html#go1.5.minor:

    go1.5.4 (released 2016/04/12) includes two security fixes. It contains
    the same fixes as Go 1.6.1 and was released at the same time. See the Go
    1.6.1 milestone[1] on our issue tracker for details.

    [1] https://github.com/golang/go/issues?q=milestone%3AGo1.6.1

/reviewed-by TrustMe    (tested with helloworld)

Avoids being spammed with
  WARNING ZODB.DB DB.open() has X open connections with a pool_size of 7
on zopes with more than 7 worker threads.
Also, allows better hit-rate on volatile attributes in such case, as
otherwise connections (and their cache) would be discarded when many
threads would be made busy, decreasing performance.

This works around https://github.com/buildout/buildout/issues/159

This violates "instanciation happens offline" rule and project which
initiated this need do not use it anymore.

This patch change the log format from:

```
2016-03-25 04:26:37,609 WARNING access 172.17.0.2 - Anonymous [25/Mar/2016:04:26:37 +0200] "GET / HTTP/1.0" 200 0 "" ""
------
2016-03-25 04:26:37,613 WARNING access 172.17.0.2 - Anonymous [25/Mar/2016:04:26:37 +0200] "GET / HTTP/1.0" 200 1971 "" ""
------
2016-03-25 04:26:37,619 WARNING access 172.17.0.2 - Anonymous [25/Mar/2016:04:26:37 +0200] "GET / HTTP/1.1" 200 1952 "" ""
------
2016-03-25 04:26:40,619 WARNING access 172.17.0.2 - Anonymous [25/Mar/2016:04:26:40 +0200] "GET / HTTP/1.0" 200 1971 "" ""
------
2016-03-25 04:26:43,622 WARNING access 172.17.0.2 - Anonymous [25/Mar/2016:04:26:43 +0200] "GET / HTTP/1.0" 200 1971 "" ""
```

to something more concise for the eye:


```
2016-04-06 10:13:41,854 WARNING access 172.17.0.2 - Anonymous [06/Apr/2016:10:13:41 +0200] "GET / HTTP/1.0" 200 1971 "" ""
2016-04-06 10:13:44,861 WARNING access 172.17.0.2 - Anonymous [06/Apr/2016:10:13:44 +0200] "GET / HTTP/1.0" 200 1971 "" ""
2016-04-06 10:13:47,868 WARNING access 172.17.0.2 - Anonymous [06/Apr/2016:10:13:47 +0200] "GET / HTTP/1.0" 200 1971 "" ""
2016-04-06 10:13:50,875 WARNING access 172.17.0.2 - Anonymous [06/Apr/2016:10:13:50 +0200] "GET / HTTP/1.0" 200 1971 "" ""
2016-04-06 10:13:53,882 WARNING access 172.17.0.2 - Anonymous [06/Apr/2016:10:13:53 +0200] "GET / HTTP/1.0" 200 1971 "" ""
2016-04-06 10:13:56,890 WARNING access 172.17.0.2 - Anonymous [06/Apr/2016:10:13:56 +0200] "GET / HTTP/1.0" 200 1971 "" ""
```

by changing the log format from the default `------\n%(asctime)s %(levelname)s %(name)s %(message)s` ( defined [here](https://github.com/zopefoundation/ZConfig/blob/0d6a8a1/ZConfig/components/logger/handlers.xml#L38
)) to simply `%(asctime)s %(levelname)s %(name)s %(message)s`

It is enabled for both event.log and Z2.log


/cc @kazuhiko @vpelletier @tc 


/reviewed-on nexedi/slapos!67

/reviewed-on nexedi/slapos!82

The problem is explaned here: https://bugs.chromium.org/p/chromium/issues/detail?id=260239

The use of header Vary: Origin dosen't fix the problem on chrome so I disabled the cache
with Pragma "no-cache". This doesn't cause issue because most of monitor files are
modified every minutes and sync happen at least every 5 minutes. So the better solution
is to disable cached.

fixing segmentation fault on css opacity rendering

/reviewed-on nexedi/slapos!81

  Update documentation to follow up recently changes. 
  Link to json schemas instead duplicate the information.

forgot to update md5sum ...

From Cédric message

When a client do a request, you pass the Accept-Encoding header. For me it is:
```
Accept-Encoding:gzip, deflate, sdch, br
```

But in a lot of case the cache configuration has `Vary:Accept-Encoding` . `Accept-Encoding` request header may vary a lot from a client to another but one of the common denominator is `gzip`. So in order to avoid a multiplication of cache versions in CDN, if `gzip` is present in the `Accept-Encoding` request header all other format are stripped from the request in order to reduce variation in Trafficserver.

When this parameter is activated:
```
Accept-Encoding:gzip, deflate, sdch, br
```
is transmitted as
```
Accept-Encoding:gzip
```
And
```
Accept-Encoding:deflate, sdch, br
```
is transmitted as
```
Accept-Encoding:deflate, sdch, br
```

Quoting Romain:
> As you can see at https://lab.nexedi.com/nexedi/erp5/blob/master/bt5/erp5_web/ToolTemplateItem/caching_policy_manager.xml
> , caching policy manager often set Cookie in the Vary  header.
> For the CDN, it means that each query on the same URL but with a
> different cookie will never be a HIT, and so, query will always access
> ERP5 backend.

Some people might be confused and think it is paths

"I remember it is something scary ;)"