Geo: Single Sign Out

Implements Single Sign Out for Geo (#76).

Initial proposal was to generate a hash based on the `access_token`, but that created a O(N) cost against a desirable O(1), as a new `access_token` is generated for each new login. To overcome that cost we would need to send a "public identifier" to help retrieve the correct `access_token` and provide that during login process.

This is also how most Single Sign On implementations works (they provide some sort of session_id, that we notify every node to invalidate, during sign out process).

As I don't want to modify our OAuth table (that is managed by doorkeeper) nor change the way our login process work, the solution is to encrypt the `access_token` using a symmetric key known by both nodes, and expire the `access_token` after the logout to prevent replay attacks (otherwise we would need to send a `nounce` and store that on primary). 

The key is based on `Gitlab::Application.secrets.db_key_base` which we already use to encrypt database attributes and is synced between both nodes. We communicate sending a `state` parameter which is known terminology in OAuth protocol.

Although this is implemented with Geo only in mind, we can backport to CE (with minimal changes) and provide as a "non-standard" way of single sign off for applications that integrate with GitLab.

Fixes #522 

See merge request !380

Updated mirror repo UI

![Screen_Shot_2016-04-27_at_17.12.28](/uploads/b8277ab88ec7c23b9e48d9a2f8bb5d9c/Screen_Shot_2016-04-27_at_17.12.28.png)

![Screen_Shot_2016-04-27_at_17.12.30](/uploads/90c7150d17343ce2056d7145d0e774be/Screen_Shot_2016-04-27_at_17.12.30.png)

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/14026

See merge request !362

SAML support for admin groups

SAML now supports admin groups, very similarly to how it does external groups.

/cc @dblessing 

See merge request !408

Updated EE changelog for 8.7.6

See merge request !411

Updated webhooks UI

The webhooks files are in different places for EE & CE so this was missed when merging CE into EE.

## Group UI

![Screen_Shot_2016-05-17_at_10.05.39](/uploads/6e2942e478b574545b45989365307c24/Screen_Shot_2016-05-17_at_10.05.39.png)

## Project UI

![Screen_Shot_2016-05-17_at_10.06.08](/uploads/61380b40568bbc260932895be83d6bae/Screen_Shot_2016-05-17_at_10.06.08.png)

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/17525

See merge request !404

Warn admin if current active count exceeds license

Screenshot:

![image](/uploads/68b9d95f63ccb936f80414ecd63c07b3/image.png)

Closes #393

See merge request !401

Allow adding a new license via the API

Fixes #313 

Add a new `post` license API endpoint. The endpoint is `/license` and the only/required attribute is `license`. The license should be sent in string format. 

I also renamed the `licenses.rb` api file because it deals with license templates and was pretty ambiguous. The endpoints didn't change, and are still equally ambiguous, unfortunately. We should really consider changing those in 9.0 to `/license_template` or something. 

cc/ @MrChrisW 

@rymai Will you review, please?

See merge request !400

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/17525

Make it clearer that /licenses is the OS license templates endpoint

Following the discussion on https://gitlab.com/gitlab-org/gitlab-ce/commit/13804aba867d19009ca94d820aa7ec650a509f5a#note_4961954.

Corresponding CE MR: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4188

See merge request !407

Signed-off-by: Rémy Coutable <remy@rymai.me>

Closes #393

Merge CE 73ead4 to EE



See merge request !403

ES upgrade docs

See merge request !393

Instrument all Grape API helpers

This has been added to help us figure out what's making certain Grape API calls slow (e.g. the one used for authorized keys as described in gitlab-com/operations#99).

See merge request !4169

Bump gitlab-elastic-git

Fixes https://gitlab.com/gitlab-org/gitlab-ee/issues/378

See merge request !343

Fix left sidebar overlap when scroll on long menu

Fixes #17566. Caused by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4139. Smaller fix compared to https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4164

cc @iamphill @jschatz1 
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

See merge request !4165

CE upstream



See merge request !402

Toggle email signup confirmation in admin settings

Implements toggling verification email #14684

See merge request !3862

Add an Event's target's title to its reference link

Given an activity feed entry like:

> Douwe Maan commented on [issue #123] at [gitlab-org/gitlab-ce]

...the `issue #123` link will now have a `title` attribute.

Plus some minor refactorings, see individual commits for details.

See merge request !4090

Disallow search engines from indexing uploads from a GitLab project.

This can sometimes include sensitive information from private projects and confidential issues. It shouldn't be indexed. Resolves #15551.

cc: @DouweM 

See merge request !4167

Use the relative url prefix for links in Wiki

Retry of gitlab-org/gitlab-ce!4026

@rymai !4050 solved all other problems how it looks like. I [tested](https://gitlab.com/artem-forks/gitlab-ce/commit/ff01eca7b559efa7cacf3412aa01cd8ae8a6db7e/builds) this with ruby22

Fixes #17071 



See merge request !4131

Add tests for unintentional filtering bug in MR

!3872 has a lack of tests for Merge Requests while !3872 has only ones for Issues.

This MR has complementary tests for MR list.

See merge request !4154

This can sometimes include sensitive information from private projects and confidential issues. It shouldn't be indexed. Resolves #15551.

Remove unused methods from Event model