|
|
Mads Kiilerich
|
7a4e2c6ec02f
|
4 years ago
|
|
setup: support Bleach 4.2 for Python 3.10 support
Changelog shows no significant API changes.
Bleach 3.2 and later are however even more unreasonably paranoid than 3.1, and the test thus has to be updated and we stop supporting 3.1.
|
|
|
Mads Kiilerich
|
0383ed91d4ed
|
5 years ago
|
|
|
|
|
Mads Kiilerich
|
f375751fe3fa
|
5 years ago
|
|
|
|
|
Mads Kiilerich
|
5d8bfda01cf5
|
5 years ago
|
|
|
|
|
Mads Kiilerich
|
9685f50a69d0
|
5 years ago
|
|
|
|
|
Mads Kiilerich
|
3a12df6cbf30
|
5 years ago
|
|
lib: use sha1 instead of md5 in a couple of places
md5 is dead and should be avoided. In the places changed here, we want to keep using hashes without trivial collisions, but do not expect strong crypto security. sha1 seems like a trivial step up from md5 and without obvious alternatives. It is more expensive than md5, but we can live with that in these places.
The remaining few uses of md5() cannot be changed without breaking backwards compatibility or external API.
|
|
|
Mads Kiilerich
|
563708f2275d
|
6 years ago
|
|
|
|
|
Mads Kiilerich
|
141066b8a89a
|
6 years ago
|
|
|
|
|
Mads Kiilerich
|
08eec03c9485
|
6 years ago
|
|
|
|
|
Mads Kiilerich
|
756e46bd926b
|
6 years ago
|
|
py3: trivial renaming of .iteritems() to .items()
A bit like "2to3 -f dict", but we don't want list().
|
|
|
Mads Kiilerich
|
f79b864dc192
|
6 years ago
|
|
|
|
|
Mads Kiilerich
|
0a277465fddf
|
6 years ago
|
|
|
|
|
Mads Kiilerich
|
7e252987e5a7
|
6 years ago
|
|
lib: use Python dot notation for Markdown extensions
Gets rid of:
data/env/lib/python2.7/site-packages/markdown/__init__.py:259: DeprecationWarning: Using short names for Markdown's builtin extensions is deprecated. Use the full path to the extension with Python's dot notation (eg: "markdown.extensions.codehilite" instead of "codehilite"). The current behavior will raise an error in version 2.7. See the Release Notes for Python-Markdown version 2.6 for more info. DeprecationWarning)
|
|
|
Mads Kiilerich
|
42c4ffb45fe0
|
6 years ago
|
|
|
|
|
Mads Kiilerich
|
efba2fd4edf0
|
7 years ago
|
|
|
|
|
Mads Kiilerich
|
1b8dac14269f
|
7 years ago
|
|
|
|
|
Thomas De Schampheleire
|
9f41dc6f328a
|
7 years ago
|
|
|
|
|
Thomas De Schampheleire
|
2ac4499b25eb
|
7 years ago
|
|
lib: sanitize HTML for all types of README rendering, not only markdown
The repository summary page will display a rendered version of the repository 'readme' based on its file extension. In commit 5746cc3b3fa5, the rendered output was already sanitized when the input was markdown. However, also readmes written in other formats, like ReStructuredText (RST) or plain text could have content that we want sanitized. Therefore, move the sanitizing one level up so it covers all renderers, for now and the future.
This fixes an XSS issue when a repository readme contains javascript code, which would be executed when the repository summary page is visited by a user.
Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).
|
|
|
Thomas De Schampheleire
|
e74aa69f6827
|
7 years ago
|
|
lib: sanitize HTML for all types of README rendering, not only markdown
The repository summary page will display a rendered version of the repository 'readme' based on its file extension. In commit 5746cc3b3fa5, the rendered output was already sanitized when the input was markdown. However, also readmes written in other formats, like ReStructuredText (RST) or plain text could have content that we want sanitized. Therefore, move the sanitizing one level up so it covers all renderers, for now and the future.
This fixes an XSS issue when a repository readme contains javascript code, which would be executed when the repository summary page is visited by a user.
Reported by Bob Hogg <wombat@rwhogg.site> (thanks!).
|
|
|
Mads Kiilerich
|
22c8f23cc75b
|
7 years ago
|
|
|
|
|
Mads Kiilerich
|
5746cc3b3fa5
|
7 years ago
|
|
lib: use bleach to sanitize HTML generated from markdown - fix XSS issue when repo front page shows README.md
Reported by Bob Hogg <wombat@rwhogg.site>.
|
|
|
Mads Kiilerich
|
2927d568f714
|
7 years ago
|
|
|
|
|
Mads Kiilerich
|
ea46ff2a9404
|
7 years ago
|
|
|
|
|
Mads Kiilerich
|
bfb6a25ecbd5
|
8 years ago
|
|
style: change markdown to use code-highlight class as usual for pygmentize
This makes the styling simpler.
pygments.css can thus be generated with:
pygmentize -S default -f html | sed 's/^\(.*\) { /.code-highlight \1 { /g' > kallithea/public/css/pygments.css
|
|
|
Mads Kiilerich
|
ac7a406fd7f4
|
8 years ago
|
|
markdown: specify extensions directly - don't use old positional parameters
The only supported markdown version always used the compatibility mode. Move forward!
|
|
|
Mads Kiilerich
|
52b6083b94e6
|
8 years ago
|
|
lib: refactor detection of markup renderers
Make it easier to spot which functions actually are used.
|
|
|
Lars Kruse
|
7691290837d2
|
8 years ago
|
|
codingstyle: trivial whitespace fixes
Reported by flake8.
|
|
|
Mads Kiilerich
|
24632b87a263
|
9 years ago
|
|
helpers: inline @mention markup in urlify_text
MENTIONS_REGEX is already compiled.
|
|
|
Mads Kiilerich
|
ca830f9d01a8
|
9 years ago
|
|
helpers: inline url markup in urlify_text
We inline it so we eventually can match all patterns in the same regexp and thus avoid problems with parsing of formatted html. Inlining it will also make repo_name and other parameters easily available.
|
|
|
Mads Kiilerich
|
39dfc5fc0ec2
|
10 years ago
|
|
lib: allow ';' when recognizing URLs
URLs often contain '&' which often has been html encoded to '&amp;' before urlification.
|
|
|
Andrew Shadura
|
588a160dbb9a
|
11 years ago
|
|
rst: in @mention parser, escape spaces so they don't go to HTML
This eliminates extra spaces around @mentions. Every time mention was followed by a comma, for example:
@username, have you seen it?
it turned into:
@username , have you seen it?
So an extra space was inserted. It was inserted because otherwise rst parser might not recognise the markup (i.e. @user1, @user2 is replaced by **user1**,**user2** — that would be interpreted as <b>user1**,**user2</b>).
See http://docutils.sf.net/docs/ref/rst/restructuredtext.html#character-level-inline-markup
|
|
|
Thomas De Schampheleire
|
dabdc356393b
|
11 years ago
|
|
|
|
|
Mads Kiilerich
|
94f25a680aad
|
11 years ago
|
|
|
|
|
Mads Kiilerich
|
10190008738e
|
11 years ago
|
|
|
|
|
Bradley M. Kuhn
|
1948ede028ef
|
11 years ago
|
|
|
|
|
Bradley M. Kuhn
|
ad38f9f93b3b
|
11 years ago
|
|
Correct licensing information in individual files.
The top-level license file is now LICENSE.md.
Also, in various places where there should have been joint copyright holders listed, a single copyright holder was listed. It does not appear easy to add a link to a large list of copyright holders in these places, so it simply refers to the fact that various authors hold copyright.
In future, if an easy method is discovered to link to a list from those places, we should do so.
Finally, text is added to LICENSE.md to point to where the full list of copyright holders is, and that Kallithea as a whole is GPLv3'd.
|
|
|
Bradley M. Kuhn
|
d1addaf7a91e
|
11 years ago
|
|
Second step in two-part process to rename directories. This is the actual directory rename.
|