Django-composed-configuration

* Make `INTERNAL_IPS` work properly when running development in Docker

* Upgrade `django-oauth-toolkit` to a non-pinned working release
* Ensure the `girder_style` app is always loaded first

* Make the DRF test client use JSON-encoded request bodies

* Use `django-girder-style` for auth styling

* Allow DRF to use `SessionAuthentication`
* This comes with a significant caveat. The "TL;DR" is that using `{withCredentials: true}` / `{credentials: 'include'}` on Ajax requests in an SPA should not be done, and it will fail in misleading ways.
* Use `IsAuthenticatedOrReadOnly` as DRF's default permission class

* Switch back to `drf-yasg`
* Add dependent package requirements via extras
* Add a `DEFAULT_PAGINATION_CLASS` to DRF