Same as Subscription Requests

On python3 slapos.core for python2 software release, the output was bytes:

```
2021-11-05 17:28:39 slapos[12654] INFO Error with promises for the following partitions:
2021-11-05 17:28:39 slapos[12654] INFO   slappart7[balancer]: b'Promise \'check-apachedex-result.py\' failed with output: ERROR \'"/srv/slapgrid/slappart3/srv/runner/software/cc0326f0dcb093f56c01291c300c8481/bin/check-apachedex-result" --apachedex_path "/srv/slapgrid/slappart3/srv/runner/instance/slappart7/srv/monitor/private/apachedex" --status_file /srv/slapgrid/slappart3/srv/runner/instance/slappart7/srv/monitor/private/apachedex.report.json --threshold "70"\' run with failure, output: \'Score too low: 0% - Threshold: 70.0%\\n\''
```

See merge request !344

    It add a script to be custom on project site, if you have short term users, that requires short password expiration timing.

   Included for the changes on the configured chinese taxation

1) when ansible is still python2 and the callback "json" was introduced
(e.g. in Ubuntu 18.04) we need to use "strict_import" to be sure to use
the json python module and not the json callback

2) when ansible is python3 the syntax must be python3 compatible

3) also remove an uneeded data.copy()

As reported on https://github.com/xolox/python-coloredlogs/issues/107
logging objects with a __str__ method returning non-ascii characters
raises UnicodeDecodeError.

We have vendored coloredlogs version 0.5 long time ago, so just
apply the suggested fix here for now.

Because we were reading subprocess output as bytes, the output in case
of promise errors was something like b'ERROR ...'

There was another problem writing string to an binary file in error path.

When using virtualenv, the module paths are not simple list, but
instances of importlib._bootstrap_external._NamespacePath.

According to docs [1] module's __path__ does is not a list, but an
iterator producing strings.

Cast to a list to consume these iterators.

[1]
https://docs.python.org/3/reference/import.html?highlight=__path__#path__

We fork a subprocess to serve requests, but the listening socket is bound
in server constructor and inherited by subprocess. With this pattern, we
have to explicitly close the socket from parent process to prevent the
leak.

Allow to have missing bin/buildout of the software release, especially to cover
the case, when SR is not installed for partition being processed, eg in order
to destroy it.

  This work is unfinished, so it will be reworked on a branch.

See merge request nexedi/slapos.core!329

    For the time, Taxes were 19.6% on quite old systems.

  Remove this feature in favor of use projects/organisation to
  share servers, since it gives you a proper view of the allocation.

When --only-cp is provided, iterate over a filtered partition list
instead of repeatedly checking at each iteration if the current
partition is in the --only-cp list.

    We index now for very few portal types the bool(checkConsistency()) in order to search inconsistent documents.

    The indexation is limited to the scope we must monitor rather them all documents for 2 major reasons:

        - Too much useless constrants on erp5 code base, not applicable for our project (ie.: On person)
        - Performance on indexation is penalized from this extra cost, specially when index large trees (Deliveries or open orders)**

    ** Not so much, however, on a scale of millions of documents it can make a major difference, so this commits keeps up to the minimal implementation.

   If partition is None, it means the computer was reformated and there is garbage on it. It is meaningless to process this.

The `local-software-release-url` option allows migrating the software
URLs which are local paths by rebasing them on the path provided by
the option.

Do not migrate software release URLs if the old root path and the
new root path are subpaths or superpaths one of the other.

In addition, do not migrate an URL if the old one refers to an
existing file and the new one doesn't.

Also, create a backup of the database before migrating.

See merge request nexedi/slapos.core!338

  Since we an introduce more roles on project specific scope, like payroll and more general acccounting,
  use mixing for this allow us to extend it on Project specific mixin.

This is a fixup for 5c938a8d.

this is part of libc

fnmatch.fnmatch signature is path, pattern, we were passing arguments in
reverse order, so effectively we were only checking executable files.
Several .so are executable, so we were checking many .so anyway.

In old Debian 10, after the release of Debian 11, apt update is failing
like this if we don't add the option "--allow-releaseinfo-change":

root@debian:~# apt update
Get:1 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB]
Get:2 http://http.us.debian.org/debian buster InRelease [122 kB]
E: Repository 'http://security.debian.org/debian-security buster/updates InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.

Normally, all compute node are validated.

It allows to have a faster sorting.

Thanks to more specific exceptions the caller is able to understand what
exactly happened during processing, especially useful in case of the caller
uses testcase, and can sneak into real problems during setUpClass.

Some advanced tests setting up clusters need to being able to come in half of
the setup process to do some actions on the cluster in order to have its setup
finished, thus allow to override extracted _setUpClass and separated
waitForInstance, so that those actions can be executed.