TNL-4672

Moves ENABLE_INSTRUCTOR_EMAIL and REQUIRE_COURSE_EMAIL_AUTH from settings files
to admin-accessible configuration models. This allows for the bulk email settings
to be modified without a new AMI deploy. See TNL-4504.

Also updates tests:
    -python tests mock out the new configurations in place of the old settings
    -lettuce test has been moved to bokchoy
        (note that there was some loss of coverage here - the lettuce tests had
        been doing some voodoo to allow for cross-process inspection of emails
        messages being "sent" by the server, from the client! In discussion with
        testeng, this seems outside the realm of a visual acceptance test. So,
        the bokchoy test simply confirm the successful queueing of the message,
        and leaves the validation of sending messages to the relevant unit tests.)
    -bok choy fixture has been added, to replace the settings in acceptance.py
    -lettuce and bok choy databases have been updated to reflect the backend changes

The new default is to have bulk_email disabled, we'll need to call this out in the
next OpenEdx release to ensure administrators enable this feature if needed.

Available backends:

* django-oauth-toolkit (DOT)
* django-oauth2-provider (DOP)

* Use provided client ID to select backend for
  * AccessToken requests
  * third party auth-token exchange
* Create adapters to isolate library-dependent functionality
* Handle django-oauth-toolkit tokens in edX DRF authenticator class

MA-1998
MA-2000

MA-1998 Install and configure django_oauth_toolkit to coexist with
existing oauth libraries.

This now correctly migrates and dumps files for both databases.

Run lettuce migrations for both databases

Two new certificate statuses are introduced, 'audit_passing' and
'audit_notpassing'. These signal that the GeneratedCertificate is not
to be displayed as a cert to the user, and that they either passed or
did not. This allows us to retain existing grading logic, as well as
maintaining correctness in analytics and reporting.

Ineligible certificates are hidden by using the
`eligible_certificates` manager on GeneratedCertificate. Some places
in the coe (largely reporting, analytics, and management commands) use
the default `objects` manager, since they need access to all
certificates.

ECOM-3040
ECOM-3515

Please note that this is a squshed commit and the work of:
Symbolist, macdiesel, nedbat, doctoryes, muzaffaryousaf and muhammad-ammar

JIRA: TNL-710

IMPORTANT: this commit converts the course_groups
package to using migrations.  When deploying to an
existing openedx instance, migration 0001 may fail
with an error indicating that the CourseUserGroup
table already exists.  If this happens, running
the 0001 migration first, with the --fake option,
is recommended.  After performing this step,
remaining migrations should work as expected.

Update db cache