Deprecate omeroweb.filesessionstore

[sbesson]

Fixes #472

This custom SessionStore backend was introduced almost a decade ago to address an issue with the upstream store not respecting the file expiration. As discussed in the associated issue and indicated in the original commit message, this store was expected to be a temporary workaround and removed eventually in favor of the Django built-in file backend.

## Summary

This PR includes the following changes:

• deprecate the omeroweb.filesessionsstore.SessionStore class
• update DEFAULT_SESSION_ENGINE to use django.contrib.sessions.backends.file
• update the omero.web.session_engine property documentation to list all supported engines and mark omeroweb.filesessionstore as deprecated
• remove all the business logic of omeroweb.filesessionsstore.SessionStore and make it extend django.contrib.sessions.backends.file.SessionStore.

746caac is arguably the biggest change in the initial proposal and could be reverted if we decided to keep the existing logic. Note in that case, the implementation would likely need to be reconciled with the upstream changes as part of the Django 4.2 upgrade effort (#480).

Impact

The impact of this change on existing OMERO.web deployments should be minimal as:

• deployments using Redis as their session backend should be unaffected
• deployments using the default session backend should switch to django.contrib.sessions.backends.file
• only deployments with omero.web.session_engine explicitly set to omeroweb.filesessionstore will need to be reviewed

Testing

• test OMERO.web both with omero.web.session_engine set to omeroweb.filesessionstore or unset
  • check the application start
  • check that a connection can be established with the server
  • check that a new OMERO.web connection creates a file in the local session store (/tmp/sessionid* on standard Linux distributions)
• for both configurations above, the session should respect the expiration time:
  • set omero.web.session_cookie_age to 30
  • start OMERO.web and create a connection
  • check that a session has been created under /tmp
  • let the session expire after 30s of inactivity
  • refresh the browser and check that it redirects to the login page, check that the session is still present on disk
  • run omero web clearsessions and check that the session file has been deleted

[chris-allan]

With both omero.web.session_engine set to omeroweb.filesessionstore and unset the behaviour is as expected. Personally, I'm fine with omeroweb.filesessionstore just inheriting for now as a backwards compatibility thing. I cannot imagine someone is depending on any specific idiosyncrasies there and if they are they can include a version of the store themselves and use that if they'd like.

[knabar]

Thanks!