Serrano

**Enhancements**
- The field values resource has a tiny tweak that boosted performance significantly for large data sets. See the [commit message](https://github.com/cbmi/serrano/commit/679205740655e0cd79be6424bee8352016f97b68) for details.

**Changes**
- DataView and DataContext objects are now fetched by the latest modified session rather than assuming there is only one present. This is to prevent completely breaking the endpoint in case a race condition leads to this situation.
- Update to a minimum requirement of Avocado 2.3.4

**Enhancements**
- The `name` field on `Field` and `Concept` preserialize templates now maps to the `__unicode__` method of the instance. This _pushes down_ the logic for returning non-empty name to Avocado.
- The `FieldValuesResource` now takes advantage of the supplementary field APIs in Avocado 2.3.1 for properly validation values vs. labels. (172)

**Changes**

In an effort to make the contributing to Serrano more transparent and safer for all, a Developer Certificate of Origin (DCO) has been added to the [CONTRIBUTING.md](https://github.com/cbmi/serrano/blob/master/CONTRIBUTING.md). As a contributor, this certifies that you are legally allowed to contribute the code submitted as patches (in pull requests or otherwise).

This requires that all contributors to the repository now sign off their commits using the `git commit --signoff` (or `-s` for short). A script has been added to the Travis-CI config to check for the presence of the `Signed-off-by:` line. If any commit does not contain this, the build will error which will prevent core contributors from merging your code.

**Enhancements**
- The `check_auth` decorator has been removed in favor of authenticating in the `is_unauthorized` method on the resource (155)
- Note, Any resources that overrode this method must be updated to override the `is_unauthorized` method. Although this is technically a breaking change, overriding the `__call__` method where this decorator was applied was not public API, but being noted here since it may have occurred.
- `ApiToken` model admin now generates a token on save rather than requiring one to be manually entered (156)
- Includes better list display of tokens for revoking
- Add support for setting `context_json` on ObjectSet instances (159)
- Add context and query stats endpoints (143)
- This will eventually supersede recomputing the count when a context or query is saved.

**Enhancement**

The `/api/fields/<pk>/values/` endpoint now supports validating a field value based on the label. This typically only affects non-primitive data fields such as lexicon and object sets.

**Enhancements**
- Support for setting `limit=0` for pagination-based resources to return all results (150)
- Currently includes the `/api/fields/<pk>/values/` and `/api/data/preview/` endpoints

**Features**
- Optional support for Object Sets (136)
- New "ping" resource returns the server and session status, such as when a user's session times out (86)
- For client's that poll the ping endpoint (such as Cilantro), the project settings `SESSION_SAVE_EVERY_REQUEST` must be set to false so the session does not refresh indefinitely

**Enhancements**
- Resources and endpoints are now defined for categories (133)

**Changes**
- The default sort order for concepts is relative to the category they are contained in (132)
- Unpublished fields and concepts are no longer exposed by default for users with permission to view them (such as superusers)

**Bugs**
- The `order` field is now exposed in the field and concept field resources (134)