(cherry picked from commit 0e4b816c)

Switch dashboard from GET to POST.

Restrict non-staff users to access preview content.

TNL-4291

HOSTNAME_MODULESTORE_DEFAULT_MAPPINGS,

TNL-4194

SEC-109

Escape full names

To prevent XSS attacks, we now properly escape any string containing
the user's fullname. Enumerated by searching webview.py for "fullname",
and "git grep"-ing any occurrences. This also exposed some unused strings,
which I deleted for clarity.

TNL-3849/SEC-69

Port audit cert changes to Dogwood.

The previous logic was a convoluted way of doing the same thing, and
has already led to one bug. Instead of hoping that the bugs are ironed
out now and that future devs maintain this logic properly, let's just
set a real cutoff date.

COR-2403

Two new certificate statuses are introduced, 'audit_passing' and
'audit_notpassing'. These signal that the GeneratedCertificate is not
to be displayed as a cert to the user, and that they either passed or
did not. This allows us to retain existing grading logic, as well as
maintaining correctness in analytics and reporting.

Ineligible certificates are hidden by using the
`eligible_certificates` manager on GeneratedCertificate. Some places
in the coe (largely reporting, analytics, and management commands) use
the default `objects` manager, since they need access to all
certificates.

ECOM-3040
ECOM-3515

ECOM-3401

Use the Dogwood Open edX versions of the docs for online help.

See
https://openedx.atlassian.net/wiki/display/DOC/Open+edX+Documentation+and+Versioning
for details

Update two management commands to Django 1.8

Collectstatic failed in production when comprehensive theme contained custom css files.
This patch fixes that problem by removing ComprehensiveThemeFinder from STATICFILES_FINDERS
and ComprehensiveThemingAware mixin from STATICFILES_STORAGE.

Comprehensive theme static dirs are added to the top of the STATICFILES_DIRS entry,
which means that the default django FilesystemFinder will find theme static files,
and since the theme folder is at the top of STATICFILES_DIRS, theme files will take
precedence over default LMS/CMS static files.

This change means that theme static file URLs are no longer prefixed with themes/<theme-name>/,
but since we currently only support one comprehensive theme at a time, that shouldn't be a problem.
If/when we want to make the choice of a theme dynamic per-request (microsites?), we will have to
bring custom theme finders and storage mixins back, but for now, we don't need them.

Bump xblock-utils hash.

Revert "Remove staff debug category type whitelist."

Add the ActiveTable and Vector Draw XBlocks to ADVANCED_COMPONENT_TYPES.

This reverts commit bb25473a.

Reason for revert: Was breaking display on Course About and Info
pages.

All feedback above was addressed, the commits were squashed, and tests passed. Merging.

Course Overview - require manual seeding of the table

add AnnotationProblemTypeTest and SymbolicProblemTypeTest

Validate country on FA form

Add some missing @autoretry_read() decorators.
Change to PyMongo 3.x-compatible syntax.

SOL-1375: org help text updated