pull-requests: security, prevent from injecting comments to other pull requests users don't have access to.

repo-settings: ensure deletion on repo settings model validate the settings id against the initialized model repo. - prevents from malicious deletions of settings by forgin IDs

select2: always escape .text attributes to prevent XSS via vcs references.

templates: rename base.mako into summary_base.mako. The previous naming wasn't optimal for search and code discovery.

pull-requests: security double check permissions on injected forms of source and target repositories.

db: prevent empty IN queries that generally are performance problem, and triggers sql warnings.

repo-groups: moved to pyramid

tests: change name of test module of auth-modules to prevent pytest complaining about it.

repo-forks: security, check for access to fork_id parameter to prevent resource discovery.

repo-forks: security, fix issue when forging fork_repo_id could allow reading other people forks.