erp5_oauth_google_login: Activate google extraction plugin and add assert to check extractCredentials

Google Login follow the same implementation of ERP5 Login(subobject of Person) and with an action in preferences, the user can add Google Login to his person.

- A link was add to login page in ERP5 with Google Account and zocial.min.css is used to display it nicely

- logout was extended to remove cookie __ac_google_hash if authentication with Google account is enabled

- login_form is using ERP5Site_getAvailableOAuthLoginList to know if google login is supported or not. With this, we can extend to other oauth easily.

- ERP5ExternalOauth2ExtractionPlugin don't have the responsability of create user in extraction plugin. A more apporpriate place would be a dedicated "signup using oauth" page, relying on erp5_credential for the actual user creation.

- portal_oauth is used to store secret_key and client_id from Google

- enable PAS plugin through upgrader

When a user triggers `NotificationTool.sendMessage(recipient=user_id)` to a recipient she does not have access permission on, it now causes this problem (the caller context is a custom script with manager proxy role):

```
  Module Products.ERP5.Tool.NotificationTool, line 322, in sendMessage
    person_value = getUserValueByUserId(person)
  Module Products.ERP5.Tool.NotificationTool, line 291, in getUserValueByUserId
    return portal.restrictedTraverse(user['path'])
  Module OFS.Traversable, line 317, in restrictedTraverse
    return self.unrestrictedTraverse(path, default, restricted=True)
  Module OFS.Traversable, line 251, in unrestrictedTraverse
   - __traceback_info__: (['redacted_person_id'], 'person_module')
    next = guarded_getattr(obj, name)
Unauthorized: You are not allowed to access 'person_module' in this context
```

This is a regression caused by 62d8d3ac .

That particular case was working before, because the person was looked up using [catalog]( https://lab.nexedi.com/nexedi/erp5/blob/882f0022c7af4f36c2f31643498ac0b5d82c2217/product/ERP5/Tool/NotificationTool.py#L321-322) so the proxy role from the caller script was taken in to account.

Now, we can say that the approach suggested here is not correct and document that the current logged in user must have permission to access the person documents involved as sender or recipient in the notification.

Then, if we need to send message to persons the current user does not have access permission, instead  of using:
```python
portal.portal_notifications.sendMessage(recipient=person.getUserId())
```

just do:
```python
portal.portal_notifications.sendMessage(recipient=person)
```

but the later does not allow for using activities.

/cc @vpelletier @gabriel 


/reviewed-on nexedi/erp5!395

This commit contains two main changes:
- Add worklist gadget to the homepage.
- Remove the child's `changeState` calls in homepage.
  This was done by using customized `form_list_sr`. Which can let the listbox
  has same appearance like `form_view` but use same argument passing mechanism
  as `form_list`.

/reviewed-on nexedi/erp5!415

[erp5_officejs] Add cachealldocs Storage to cache allDocs call results and then service get requests with them

Test passed :  

https://nexedijs.erp5.net/#/test_result_module/20170926-4163AF53

/reviewed-on nexedi/erp5!414

We don't want users to be able to use the tool and send arbitrary
notifications to other users.

/reviewed-on nexedi/erp5!409

/cc @aurel 

/reviewed-on nexedi/erp5!411

To generate (and execute) SQL, use catalog tool.

/reviewed-on nexedi/erp5!408

This reverts commit 206fa603 (which was
itself a revert commit), re-applying the change now that surrounding
code is ready for it.

Ignored columns are produced when aliasing a column. For example,
aliasing "catalog.reference" as "reference".
Before this change, this would cause conditions on "reference" to be
rendered non-mapped, which can cause SQL execution issues when there is
more than one "reference" column available (catalog.reference and its
alias counting as only one), which is the case when
catalog-category-catalog joins happen.

Instead, render all columns which could be mapped, independently from
their "ignored" status.

Also, use a different local variable for table aliases than for column
aliases.
Also, use more "return" statements, and simplify conditional structure.

As per Jérome, who implemented the test, it was written to test the
current state rather than testing the desired outcome. And it makes
little sense to have (and test for) 100 being present in both debit and
credit columns ("normal" lines), and 0 to be present in the stat line.

Update test to check for a more consistent outcome.
Acked-by: Jérome Perrin <jerome@nexedi.com>

Explicitely state which values represent empty values. Coercing to boolean is not sufficient.

-  Remove field_json.value because that one is never send by ERP5 backend
-  Set comprehensive initial state and avoid sneaking state variables afterwards
-  Handle better NaNs which represent empty numerical value
-  Refactor for shorter and simpler code
-  Rename "percents" -> "percentage" according to coding style guidelines

otherwise TALES in input_style does not work and changes in the original proxy field will not be reflected.