Initial transient authentication

[renatav]

Ported and updated work done in https://github.com/openlawlibrary/open-law-authentication Instead of being a Flask application, this implementation relies on Django. This PR contains the following:

• A manage.py command which can be synchronize initial hashes. The command uses Django models.
• Very basic implementation of editions. This is something that will need to be updated later, once we put more thought into this concept.
• Implemented initial version of transient authentication. Added Chrome, Firefox and Edge extensions (copy-pasted them from the ported project, only changed the server port number). Ported validation.
• Added a git hook which updates hashes after pull. This hook and a script it calls should be copied to the html repository's .git/hooks directory. Python interpreter needs to be manually updated at this point. This is something we could maybe template in the future.

[renatav]

@aleksandarbos I made rather big changes after a conversation with @dgreisen, so please take another look when available. Our initial implementation is just a quick prototype, so I did not put much thought into using it in production. We cannot use git checkout anywhere, so that required some refactoring. Also, the initial idea was to have separate commands for initialization of hashes and their update, while we now want to have one function which can handle both cases.

[renatav]

Some thoughts:

If it is possible for two documents to have the same url, we could also save that file's name (or full file system path). Once we implement the possibility to validate a file by uploading it, we will have a problem with x.full.html files. Even if their content is not equal to the content of the corresponding x.html file, we won't be able to know to which hash to compare it to, given the url.

We also have another problem when just ignoring conflicts - if, as we discussed, something not inside tuf-authenticate div could've been changed. If we ignore the conflicts when inserting the hashes, the existing hash will still be updated. It's end commit will be set. Without inserting a new hash, authentication will return "valid but not current response". When updating hashes, we could check if the calculated hash value remained the same. We just need to match hash pending update and new hash. To do this, we need to be able to uniquely identify a hash. If url is not unique, combination of file name and url should be.