Open-api-framework

------------------

**Security updates**

* Upgrade django to 4.2.17

------------------

**Bugfixes/QOL**

* Change ``LOG_STDOUT`` default value to True
* Re-add separate ``CELERY_LOGLEVEL`` configuration setting

------------------
**New Features**

* Add ``SESSION_COOKIE_AGE`` configurable setting
* Add user session management admin

.. note::

SessionProfile admin should be added to admin index and its fixture.

**Bugfixes/QOL**

* fix runtime configuration for django-log-outgoing-requests

------------------

**Bugfixes/QOL**

* Change SESSION_COOKIE_SAMESITE to "Lax" to fix OIDC (72)
* Remove url from SECRET_KEY help text (76)
* Change CSP headers to support API schema page

------------------

**New features**

* Add Django CSP with configurable settings
* Add SECURE_HSTS_SECONDS and CSRF_COOKIE_HTTPONLY settings

.. warning::

SECURE_HSTS_SECONDS has been added with a default of 31536000 seconds, ensure that
before upgrading to this version of open-api-framework, your entire application is served
over HTTPS, otherwise this setting can break parts of your application (see https://docs.djangoproject.com/en/4.2/ref/middleware/#http-strict-transport-security)

**Bugfixes/QOL**

* Fix rendering for envvar defaults (previously quotes were escaped)
* Move ``CACHE_DEFAULT``, ``CACHE_AXES``, ``EMAIL_HOST`` envvars to Required group (because they are required for Docker)
* Add CI job to check if all envvars are either documented or excluded from documentation

------------------

**Bugfixes**

* Add missing help_text for SESSION_COOKIE_SAMESITE and CSRF_COOKIE_SAMESITE envvars