Require OAuth for search engine checks

[ChlodAlejandro]

This PR adds the initial backend requirements for the OAuth flow and makes authentication required for all uncached search engine checks. This adds three new routes:

• /login (GET, POST) - for logging in
• /logout (GET, POST) - for logging out
• /oauth-callback - OAuth 1.0a callback route, used by MediaWiki

This requires the following .earwigbot/config.yml values:

• wiki.copyvios.oauth.consumer_token
• wiki.copyvios.oauth.consumer_secret

This requires a new file in the root folder (on Toolforge, ~/git/copyvios/) named config.py, to be used by Flask. This has already been added on Toolforge. This should export a single value, SECRET_KEY, which will be used to encrypt session data. An example config.py file can be as follows:

__all__ = ["SECRET_KEY"]

# Generate with `import secrets; print(secrets.token_urlsafe(48))`
SECRET_KEY = "TEST"

This adds mwoauth==0.3.8 as a requirement. 0.4.0 is not a possible version since it is Python 3.x-only. There doesn't seem to be any significant differences between the two which would be detrimental to the auth flow.

Login/logout state can be checked through the page header. By default, a separate page navigation is not required when the link is clicked by the user. When following a link to /log(in|out), however, an extra button will be shown to prevent inadvertent logins/logouts.

Cached data is still shown to unauthenticated users when available.

The commit which enables the requirement is separated to make it easily revertible in case something bad happens during deployment.

[ChlodAlejandro]

Holding this until 14:00 UTC (or slightly later) to wait for comments from Earwig, then will deploy to Toolforge.

[ChlodAlejandro]

Just added a workflow speedup: the query attempted at request time should be run immediately after finishing the auth flow.

[earwig]

Looks good aside from a couple minor comments!

[earwig]

Just a couple more.