mettags: limit the scope of url => metatag to http, https and / links. - prevent of malicious injection of JS links and other unsafe types

diffs: fixed problem with rendering no newline at the end of file markers. - fixes #5402

pull-requests: security, check for permissions on exposure of repo-refs

dependencies: bring back supervisor to be able to run deamonized rhodecode without control.

nix: expose celery binaries

comments: allow to properly initialize outdated comments that are attached to the end of diffs. This allows resolving todos that are outdated.

comments: place the left over comments (outdated/misplaced) to the left or right pane. So we don't loose the original context where they were placed.

testapp: moved login/csrf session methods into TestApp itself. - this allows easier control over which app is responsible for session handling. This comes in handy in CE vs EE test where EE get's a custom app.

pytest: reduce *_util fixture to just relly on db_connection instead of whole baseapp.

pytest: added db_connection fixture.