Sepiida

Latest version: v18.96


Page 29 of 31

3.27

----
Only allow a privileged session to make requests to known internal domains. Previously,
a privileged session would allow requests to any domain, which could leak sensitive information
about how to internally authenticate in our services. Now we create a list of trusted domains
via SEPIIDA_INTERNAL_DOMAINS, and if the domain of a requested URL doesn't match, an error is
raised.
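
A sketch of the kind of check this entry describes, added here as an example; it is not sepiida's code. The `PrivilegedSession` wrapper, `is_internal`, `UntrustedDomainError` and the sample domain list are hypothetical, and how sepiida actually reads SEPIIDA_INTERNAL_DOMAINS is not shown on this page.

```python
from urllib.parse import urlsplit

# Constructed sample list; assumed to hold bare domain names.
INTERNAL_DOMAINS = ["internal.example.com", "svc.example.net"]


class UntrustedDomainError(Exception):
    """Raised when a privileged request targets a host outside the allowlist."""


def is_internal(url, trusted=INTERNAL_DOMAINS):
    """Return True only if the URL's host is a trusted domain or a subdomain of one."""
    # Backslashes and whitespace are parsed differently by different HTTP stacks: reject.
    if any(c in url for c in "\\ \t\r\n"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname drops userinfo and port and lowercases, so
    # "https://internal.example.com@evil.test/" yields "evil.test".
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False
    for domain in trusted:
        domain = domain.lower().rstrip(".")
        # Match on a label boundary so "evilinternal.example.com" does not pass.
        if host == domain or host.endswith("." + domain):
            return True
    return False


class PrivilegedSession:
    """Hypothetical wrapper: attaches the internal credential only for trusted hosts."""

    def __init__(self, token, send, trusted=INTERNAL_DOMAINS):
        self._token = token
        self._send = send  # callable(method, url, headers) that performs the request
        self._trusted = trusted

    def request(self, method, url, headers=None):
        if not is_internal(url, self._trusted):
            # Fail before any header is built, so the credential never leaves.
            raise UntrustedDomainError("refusing privileged request to %r" % url)
        headers = dict(headers or {})
        headers["Authorization"] = "Bearer " + self._token
        return self._send(method, url, headers)
```

The check covers only the URL passed to `request`; if the underlying HTTP client follows redirects, each hop needs the same check before credentials are attached.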

3.26

----
Turn more JWT-based 500 errors into 400-level errors

3.25

----
Allow clients to override the secrets in the register_jwt_handlers function

3.24

----
Turn a 500 error during authentication into a 400-level error during authentication

3.23

----
Allow datetime claims when not verifying JWT. This avoids an exception when using but not verifying JWTs

3.22

----
Add configurable caching headers to APIEndpoint. By default GET requests will have a max-age of 10 seconds. You'll want to manually specify caching headers for any endpoints that do polling faster than that to allow browsers to actually make the request. You can specify the caching header with


    import sepiida.endpoints
    class Endpoint(sepiida.endpoints.APIEndpoint):
        # Maps an HTTP method to the Cache-Control value sent for it
        CACHING = {'GET': 'some value for cache-control'}


Also add the ability to add raven integration to a project through sepiida which will set the user context based on the user's session information

Also add default expose headers for CORS that expose Location and X-Sentry-ID. These can be overridden in the register_cors_handlers function by adding a list of headers to expose for a particular service

Also fix a security issue related to opening up LIST methods by accident when opening GET methods.
