This is part of public site removal effort

Add todo app with task model and integrate todo app APIs with projects part(including PAF process, contracting and invoicing) (#3634)

Fixes #3628 Closes #3605 

Configured setting for default visibility of review. It can be set as
**private** or **reviewers**.

- Private: Visible only to staff.
- Reviewers: Visible to other reviewers and staff.

**Setting to consider:**

- ```REVIEW_VISIBILITY_DEFAULT ```

Closes #3417

---------

Co-authored-by: Fredrik Jonsson <frjo@xdeb.org>

If the PROJECT_ENABLED=False then the invoice should not be created at
the first place. But somehow at some point projects where enabled and
there are project and invoices in the system. The system should function
as expected compared to lacking functionality in/between.

This PR remove the PROJECT_ENABLED check on the project's
get_absolute_url, which is used while deleting invoices or potentially
at the other places.

closes #3663

Fixes #3680. Swaps the PositiveInteger field for a DecimalField with a
validator that ensures the input value is >= 0. Ensures project creation
no longer generates an exception when a project's `Requested Funding`
field has a decimal.

Fixes #3535 

Right now, we have two tables on the approvers dashboard "PAF waiting
for approval" and "PAF waiting for assignee" but as per the latest
design we want a new table "PAFs for review" that contains data from
both of the above tables and list it in a simple manner.
In this PR we are just adding that new table but not removing the older
ones, once we are done with the new table testing and are ready to have
it then we can remove the older ones.

The date requested column is kind of not clear yet. 
We have multiple dates, one of them is the "Submitted date" which is
when a lead/staff submits the PAF for the first time. Another one is
"Updated date" which is when staff submits or this approval(not paf) is
updated even for change approver/assignee(right now I have used this
one).
But I think we might need to maintain one more date as the "date
requested" for every approval, which might be different from both of the
above dates in sequential workflow(ex: the second approval
date_requested will be set as the first approval approved_date) while it
will be same as submit_date for parallel workflow.

What do you all think, is the submit_date enough, or should we have
date_requested as another as explained above?

**Update**
We decided to use submit_date as date_requested.
Removing the old tables as the new table contains both old tables' data.

Fixes #3541.

This PR adds descriptive help text to the Wagtail admin edit/create user
"Groups" prompt. This was done by creating custom Wagtail forms and
overwriting the existing group field, along with adding another field to
the
[groups.py](https://github.com/HyphaApp/hypha/blob/enhancement/add-desc-to-user-roles/hypha/apply/users/groups.py#L40).

The
[definitions](https://github.com/HyphaApp/hypha/issues/3541#issuecomment-1786722987)
provided by @fourthletter were shortened just a bit for the sake of
appearance. If anyone believes they got too truncated I'm fine with
updating them.

- The numbers don't break
- make the heading consistent, everything gets a h4
- Update the color and style for added/deleted text


closes https://github.com/HyphaApp/hypha/issues/3671

Bleach==5.0.1 is installed as part of django-bleech dependency.

- Use `.python-version` and `.nvmrc` in CI script, single source of
truth
- Update version of python and node. 
- Update version of alpinejs, htmx and other build js
- Update minor versions of python dependencies

Removes main-top.js

The language is render using site setting or user preference

Fixes #3631 

Closes #3388 & Closes #3389.

This PR adds an indication as to what user roles can see an archived
submission based off of [existing
settings](https://github.com/HyphaApp/hypha/issues/3388#issuecomment-1793773642).

- Update psycopg to 3 as it’s not supported by Django 4.2
- Replaced “BaseUserManager().make_random_password”, as it’s deprecated
- Update github action and breakup different checks, making them easier
to debug
- Updated the `makemigrations` checks to display the missing migration
and then fail
- Upgrade django-hijack to 3.4.2
- Update gunicorn to 21.2.0
- Upgrade django slack to 5.19.0
- Upgrade mistune to 3.0.2 (Bug fix release)
- Upgrade whitenoise to 6.6.0
- Update dev dependencies - black, ruff, pre-commit, pytest-django

Closes https://github.com/HyphaApp/hypha/issues/3362

1. Fix link to "view project page"
2. Add bg-light-grey as there are a log of white cards
3. Fix margin top on the top-most card.
4. Do not show supporting documents section if they are not present

Adds a scroll to top button to all the pages, it shows only if the user
scroll past a decent screen size. It's put on the center top so that
it's easily accessible.

**Edit:** Show only when the user is scrolling towards the top.

closes #3642

---------

Co-authored-by: Wes Appler <145372368+wes-otf@users.noreply.github.com>

closes #3080

…from Wagtail admin when Show consent checkbox was set.

Fixes #3649

It is replaced by alpinejs code and causing js exception on the project
page.

Current htmx request that end up being one of the following server
errors are silently ignored. This PR fixes it and capture the error response
and displays it to user. The full page is swapped.

Fixes #ISSUEID

This PR is depended on #3521 

- [x] Passwordless login
- [x] Passwordless signup 
- [x] Allow user to set a password after going to profile.
- [x] Allow user to change their email even if they don't have an email
set.
- [x] Allow user to add their name in the application form if name is
not present in the user account.
- [x] Don't display "Dashboard" link if the user does't have permission
to access to it.
- [x] Allow to use to setup 2FA without account password.
- [x] Display user content on the login screen, if configured (it is an
existing feature)
- [x] If 2FA is enforced, allow the user to submit the application
without setting up 2FA
- [x] Add email re-verification option to elevate, sudo mode, apart from
password
- [x] Update landing page after application submission, on success it
redirects now.
- [x] Update ENABLE_PUBLIC_SIGNUP and FORCE_LOGIN_FOR_APPLICATION to
true by default

# Login/Signup Flow


![image](https://github.com/HyphaApp/hypha/assets/236356/91c22cb1-bd1f-4665-98e2-0350829a5807)


## Updated Login Page with Registration Enabled

![Screenshot 2023-09-13 at 07 53
06@2x](https://github.com/HyphaApp/hypha/assets/236356/424fa2f6-a519-44e3-a9ec-449815dd39b2)


## After providing the email ID

The messaging is kept neutral to hide if the user is already registered
or not. The email will contain more detail, if the account exist or not.

![Screenshot 2023-09-13 at 07 57
27@2x](https://github.com/HyphaApp/hypha/assets/236356/7577447b-edf2-496e-94ca-3c98a8f2f075)

Login email copy
![Screenshot 2023-09-13 at 08 08
36@2x](https://github.com/HyphaApp/hypha/assets/236356/ab2d3e90-da2e-40ec-9f7e-bbb8d9e7235f)

## Signup

New Account Email copy
![Screenshot 2023-09-21 at 07 08
52@2x](https://github.com/HyphaApp/hypha/assets/236356/cb14350b-1cfb-4869-b863-ebbb95701089)

### Profile Page just after signup 
The user after clicking on the signup link in the email is redirect to
homepage. No dashboard is available as the user doesn't have applicant
role. If they click on the "profile" button they see this page with open
to update profile and setup a password and enable 2FA.

If the user decide to change the email, password is not asked if not
password is set, instead an email is sent to authorize the email change.

![Screenshot 2023-09-22 at 08 50
21@2x](https://github.com/HyphaApp/hypha/assets/236356/7ed0cb97-a7ca-49fe-aef5-de8f3890db1e)


## Updated "Sudo" mode page

### For account with password

![Screenshot 2023-10-31 at 7  49
38@2x](https://github.com/HyphaApp/hypha/assets/236356/fe27ad75-7e4b-4226-89c1-ddd7a5548944)

After clicking on the "Send a confirmation code to your email" link

![Screenshot 2023-10-31 at 8  03
28@2x](https://github.com/HyphaApp/hypha/assets/236356/bf7a4098-fd0f-4d55-9850-0862da69d808)


![Screenshot 2023-10-31 at 7  51
03@2x](https://github.com/HyphaApp/hypha/assets/236356/3768e87f-d105-4d54-9cd6-2e2b8a81fa2f)


### For account without password

![Screenshot 2023-10-31 at 7  53
44@2x](https://github.com/HyphaApp/hypha/assets/236356/8c84181a-43ce-4afe-a5be-758e3f0e55f8)


## Updated disable 2FA page

It requires "Sudo" mode, instead of password now. 

![Screenshot 2023-10-31 at 7  48
01@2x](https://github.com/HyphaApp/hypha/assets/236356/2b5c8bd1-27ea-42cd-9c84-608bb351631c)

Fixes #3650 
The PAF page contains multiple cards/boxes, so we want its background as
grey to enhance the visibility of those boxes.

Closes #3442. 

This small migration addition compliments #3445 as it will remove any
previous `NEW_SUBMISSION` events that belong to submissions that no
longer exist. This will allow for the removal of applicants that don't
have any active submission, but can't be deleted due to the `The object
you are trying to delete is used somewhere...` error.

Cheers!

No current version(newly added table to applicant dashboard).

Fixes #3644 

As of now, staff can upload contracts, so the 'waiting for' text is also
updated accordingly from "Awaiting signed contract from Contracting
team" to "Awaiting signed contract from Staff/Contracting team"(depends
on the settings)

Fixes #3655 

Faker v20.x makes a number of test not work. Faker is a dependency of
factory_boy.

An update to factory_boy might fix it or we need to update our tests.
This fix works in the meantime.

Updated the applicant dashboard header as per the latest designs.

Used a custom code instead of admin bar component because needed custom
implementation that is different from other or common admin
bars(headers)

Notes: 

Wagtail 5x has migrations:
```
You have 11 unapplied migration(s). Your project may not work properly until you apply the migrations for app(s): wagtailcore, wagtailsearchpromotions, wagtailusers.
```

- Upgrade Django, wagtail-purge,
Django-pwned-password,django-basic-auth-ip-whitelist
- Move logic from DeleteView -> delete() to form_valid()
- Make test more robust
- Upgrade dj-database-url to 2.x, and enable CONN_HEALTH_CHECKS
- Bump django-two-factor-auth to 1.15.x that has confirmed support for
Django 4.1
- Bump django-ratelimit to 4.1.0
- django-pwned-passwords seems be abandoned
https://github.com/jamiecounsell/django-pwned-passwords/pull/11
(replaced with it with it's fork)

The images are linked relative to page now. This prevents the mkdocs
warnings and also let these images render itself nicely inside the
editor or github interface.

This way of referencing also helps for future if the docs get deployed
to a path instead of a top-level domain

Change the query text to be linguistically correct

Fixes the language used in the clear query section for no results found
in hypha/apply/funds/templates/submissions/all.html