Commit c7a4958f authored by Vincent Pelletier

erp5_core: Improve BaseExtensibleTraversableMixin._forceIdentification

Fix bugs:
- Fix an acquisition context bug: the user found here would be wrapped in
  the acquisition context of self, and as a result SecurityManager.validate
  may consider the user to be outside of the acquisition path of the
  document being checked (ex: when accessing a module while publishing a
  web section).
- While unusual, there may be multiple users matching a given request,
  which is handled by ZPublisher but was skipped here.

Also:
Document:
- Why this method is needed.
- Assumptions made to get simpler code.
Improve performance:
- portal_membership._huntUser looks the user up twice, which is expensive.
  Stop using this method.
- When the request is a fake request (from restrictedTraverse) nothing can
  nor should be done, so bypass the entire logic in that case.
- Assorted tiny improvements: do not retrieve security manager twice, avoid
  extraneous local assignments, ...
Improve coding style:
- Stop accessing portal_membership's underware.
- Stop accessing PluggableAuthenticationService's underware.
- Simplify disabled cache support: this is exceedingly rare, optimise for
  when it is enabled.
- Do not hardcode log level, also increase the severity: this really is a
  warning.
- Do not try to decode Basic-auth, this is the job of the user folder.
  This removes duplicated code.
parent 76bd4921
Pipeline #38531 failed with stage
in 0 seconds