The ERP managers (users with 'Access Rights' rights) cannot even click on
the Settings app menuitem. Because of 2 things:
- The Dashboard settings is accessing the model ir_module_module. So
  we set a groups 'group_settings' on it.
- The Users view is accessing the model ir_module_category to groups
  the aggregate and display the settings. So we change the security rules
  by giving the access to the group_erp_manager instead of group_settings
- The global rules opn companies was applied to the erp managers. We
  splitted this ir.rules into three new ones on portal,public and employee
  users to allow the erp managers to access the companies
- Writing on the res_groups was calling the method _update_user_groups_view
  in all the cases. This method should be called only when the view was
  needed to be modified, i.e. when the category_id is modified for this
  group.

- The 'Extra Access Rights' is now hidden out of debug mode
- The fields 'company_id' (current company) and 'company_ids'
  (allowed companies) are hidden if there are no more than 1
  company in the database.
- If there are more than 1 company, the fields are displayed
  on the user form view and setting more than 1 company on the
  user will add him into the group 'group_multi_company'. On the
  same way, setting only one company on a user will remove him
  from this group
- The group 'group_multi_currencies' is displayed on the General
  Settings. Enbaling this feature will add all the users into this
  group. This is more accurate as this feature is more global
  than per employee.

This additional administration group was formerly used to hide
the configuration menuitems for the common users.

Being manager should be enough to access these items

The field is defined but never user. It could be useful to indicate
to the delivery guy that the product is 'fragile' or whatever.

[ADD]hr_recruitment,website_event_track: added color field to store the user selected tag color where tag color selection is not possible and improved the tag position in kanban view of event.track.

[IMP] event: The timezone of the event should be required field because if the user does not set timezone then in website_event(frontend) for event's timezone is not intuitive

[IMP] accout_bank_statement_import: add a feature to build the full name of the bank statements by just giving the number

Remove the tooltip as it is outdated. It still refer to a checkbox. However it
is now a selection field whose entries are clearly defined. The tooltip is
therefore not necessary anymore.

Rename field string from 'Function' to 'Job Position' in the lead model. This
way it matches the wording used in the customer form.

Indeed UTMs should be created from the front end, via promote.

Also fixed some mismatch in tracker views by correctlin setting the view_id in
mass_mailing and classic utm view.

As this module does not have any code to migrate to the new api, only a move
is performed. No code has been harmed.

Removed controller override in website_sale_stock. Indeed this override adds a
result that is not used anywhere. website_sale_stock contains now only a template.

Replace the word 'Supplier' with 'Vendor'

A favorite system is introduced in project model. It uses a many2many between
users and projects. This allow users to favorite a project and see them by
default in their project dashboard.

The new default fitler when seeing projects is now favorited projects.

In order to avoid all users being able to see leaves from everyone
the record rule is updated so that users see only their own leaves.

Code computing leave on employee record now uses super user to compute
it to ensure the current status of an employee is visible to other
employees.

Dashboard menus is now restricted to group hr_manager.

Environment field on payment.acquirer model now has a shiny stat button on its
form view. It allows to toggle between production and testing mode.

All payment acquirers are by default in testing environment now, to avoid issues.

[IMP] account: added field reference on bank statements, to hold the name of imported file or online synchronization reference

Finally add support of CIDs in incoming emails. Inline images are recognized
and added as attachments. Image links are updated from src=cid: to src=link
using the /web/image controller.

It has been decided to keep the image in atttachments instead of putting them
in base64, like proposed in various PRs. Indeed we prefer to store this data
into the attachments instead of directly putting it in the mail_message table.
Moreover this enable the display of attachments in the chatter and record views.

the messages in a thread were previously rerendered every minutes to
update their timestamps.  This commit only update the timestamps, not
all the message.  This will allow us to keep expanded/folded state in
messages without collapsing them every minutes.

[IMP] mail: add read more/read less support client side

Messages are cleaned up and tagged server sides, with a attribute
data-o-mail-quote.  This commit replace their content with a clickable
read more link, which toggle its display.

Remove html_email_clean in tools. Remove shorten in mail.

Quote detection is now done in the sanitizer itself. It tags nodes that are
inside quotes (signature, text quotes, email quotes). The purpose is to remove
html_email_clean and have all the html cleaning / sanitizing inside a single
function. When a node is tagged, data-o-mail-quote is set on the node.
This attribute is added in the whitelist of valid attributes for the
sanitizer.

[REM] Support of shortening messages. The read more / read less will only
display or hide detected quotes and signatures. Shortening messages above
a given amount of characters is not supported anymore. Indeed it adds much
complexity to the sanitizer without adding much value to the result. The
primary purpose of the sanitizer is indeed to remove noise and unnecessary
content.

[TESTS] a lot of test are not necessary anymore, as read more / read less
display will be moved in the front-end and as the shortening has been
removed.Tests have therefore been cleaned and simplified.

[DEMO] mail: small demo update to include a bit quote detection

Purpose:
The field date_deadline is a date field (without hours:minutes:seconds)
The customer is tempted to put the task deadline under hours, which is not
feasible

So in the calendar view for task, set the "month" view by default
instead of the "week" view.

'situation' type is no longer present, remove it's contextual help (tool-tip).
Make the tooltip multiline.

Add possibility for modules to add validators, getting closer to
defining views outside of base.

Checked that the arch tag was a *substring* of "kanban" rather than
literally "kanban"

Style attribute is now parsed and sanitized. Only a while list of accepted
properties is kept. The behavior is implemented directly in the cleaner
itself. As there is no easy possible inheritance, the styling cleaning is
appended directly after the legacy processing in __call__.

The styling sanitizer is called only if the style attribute is kept. If
the sanitizer is called with strip_style=True, the styling is removed
and therefore no sanitizing is performed.

Tests about html fields have been updated. Indeed the styling is now sanitized
and the test was not correct anymore, as the test html was stripped. It now
contains styling that is kept. The strip_classes is also tested.

Do not strip class by default on html fields, this was an error. Currently
only mail_message body field should not contain classes. Indeed as external
content can be stored through the mail gateway we do not want to keep the
classes.

Do not try to keep frames as they are already removed. Indeed tag_to_kill contain
the frame tag. This parameter has precedence on the ``frames`` parameter of the
cleaner. It was therefore unnecessary.

Added the support of strip_classes, like the already existing strip_style
parameter of html fields.. This parameter is missing but allow full
customization of html fields.

Also fixed the call to the sanitizer in fields. Indeed the strict mode is
set to False. When not in strict mode the classes are never stripped whatever
the value of strip_classes.

Sanitizer is now called always in strict mode to ensure the sanitize process
is correct and really take into account strip_style and strip_classes.

This fix is done in master due to possible side effects and possible behavior
changes that are not welcomed in stable versions.

opw-670279

Before this rev., editing the subtypes of other followers was only possible if
the current user already opened a record of the same model of which he is
himself follower.

- extended_chat_window feature in its own files: as it is only available in the
  backend, we don't want it in the frontend assets (which contain the 'basic'
  chat_window)
- move followers feature in its own files
- creation of the 'mail.utils' module in utils.js
- creation of systray.less to define the style of the mail item and dropdown
  in the navbar
- use of chat_manager's search_partner function in PartnerInviteDialog
- some code linting

When loading a form_view with the follower widgets, an RPC was performed to get
the followers info (name, email...), and if the user is one of the followers,
a second RPC was done to retrieve the subtypes.

This rev. batches those two RPCs. Also simplifies read_subscription_data() as
it is now always called with a follower_id.

A few code refactoring as well.