account: Unify reconcile_partial and reconcile behaviour: return the account.move.reconcile id

[MERGE] auth_crypt: Upgrade to pbkdf2_sha512

replace handrolled KDF by passlib (& usage of passlib API)
* replace handrolled KDF by passlib (& usage of passlib API)
* replace md5crypt by pbkdf2(sha512)
  - handle upgrade from an old database (rehash on login)
* forward-port encrypt-at-install from f29ff5ef

[IMP] base: use current context when evaluating ir_actions' context

Record values should not be passed by keyword to "Model.create": there
is no requirement or guarantee that overriding methods call the
parameter "vals".

Come on !!!!   

timesheet_obj.create(cr, uid, vals=vals_line, context=context)
timesheet_obj.create(cr, uid, vals_line, context=context)

also move utility methods to class bottom to improve reading experience
(hopefully)

Applies to new and yet-to-be-encrypted users, existing already-encrypted will
keep logging in as usual, their password storage will be upgraded on next
password *change*.

It should be similar like it's done with reconcile(). That would help a lot when needs to make automatic partial reconciliations.

website: missing timezone conversion back to UTC on save

In t-field, datetime fields (formatted and not formatted versions) are
converted to the context/user's timezone (through
fields.datetime.context_timestamp) when displayed, but were saved without
converting back so the next display would go forward (or back) of the user's
tzoffset.

Fix that by applying context_timestamp's conversion backwards, from the
context/user's timezone back to UTC, before saving the field's value.

`@groups` attribute in qweb views

[MOV] [RENAME] project_mrp -> sale_service

[FIX] project_mrp: fixed with in which product attributes are added, probably due to product and template refactoring

[IMP] add XID to view name in Ace editor dropdown

* Looks better
* Allows for a label
* Allows for longer template names and ids without cutting off
* Room to grow more info bits

Make attachment data available under public by default

Qweb foreach

Fix postprocessing of request arguments in website

[IMP] hr_timesheet, hr_timesheet_sheet: merge timesheet and hr_timesheet reports; base report moved to hr_timesheet; hr_timesheet_sheet adds data to the report using inheritance.

[ADD] support for multiple value query args in keep_query()

[REF] website: change URL to new Odoo website

Assuming access rights are correctly configured, this allows providing
downloads for any attachment type, not just to display images via
/website/image.

TODO: unify attachment querying, we've got stuff over both web/ and website/

[FIX] sitemap does not show pages (Fixes #452)

the /page/ controller was not using the page converter

the /page/ controller was not using the ``page`` converter

The @groups attribute in qweb views was not rendered (even when matched by the
user), so editing a template with an @groups would either remove the whole
section (if the user didn't have the groups, fixed in previous commit) or only
removed the attribute itself making it visible to everybody (which ought be
fixed-ish by this commit).

If the current view uses @groups attributes (possibly in called templates),
the corresponding elements are rendered to a void (empty string in qweb). If
said user can edit the page, does so and saves a view section in which there's
a @groups to which he has no access, the element[@groups] is completely
removed from the template once saved, losing it.

If QWeb encounters an @groups to which the current user has no right during
rendering, have it request a no-RTE page, so the user can not RTE-edit the
page (or drop snippets in it).

[ADD] website_instantclick module: using instantclick lib, faster loading of website in public mode. Done in a separate module to avoid doing it by default.

[IMP] crm: onchange partner on lead form view better fills partner and contact name, depending on whether the partner is a company or not