Pin the poetry and tox version numbers to a know good set. Ensure that
we're using the most recent CI pipeline templates. The most recent (as
of writing) version of tox conflicts with the most recent poetry.

add user when authenticating

Closes #2

See merge request !4

Move over to using poetry for packaging and pre-commit for code checking

Closes #3

See merge request !5

This commit changes no functionality but add pre-commit checks based on
our usual template and fixes up the code to match. Note that this found
a real bug in the type annotation for the override_permissions_spec
decorator.

Port packaging to poetry. This does not make any changes to the existing
test matrix or requirements.

When authenticating a principal add a synthetic "APIGatewayUser" object
as the request user. This object is not backed by a database object but
does have an id meaning that DRF templates used to render the API views
will correctly identify the authenticated user.

This unpacked somewhat because of a slight break with Django convention
exhibited by this app.

One needs to be _very_ careful with what is imported as a side-effect of
importing the top-level application module. That is because that module
is imported at application configure time as part of configuring the
application. It follows that applications in general are not yet
configured when the top-level application module is imported.

The top-level module here then directly imports some of the
implementation. So now our implementation must not rely on applications
having been configured at import time.

We got away with this due to the simplicity of the application but
attempting to derive from AnonymousUser triggered the problem: trying to
import anything from django.contrib.auth.models threw an exception about
applications not being configured.

The convention for DRF authentication classes is for them to sit in a
submodule named "authentication" within the top-level application. This
is for good reason; trying to have them in the top-level leads to this
sort of pain.

Unfortunately we have users in the wild using
"apigatewayauth.APIGatewayAuthentication" in their settings and so we
need to support that until users are fixed up to use
"apigatewayauth.authentication.APIGatewayAuthentication".

In the meantime, do some nasty hackery to support what was required by
the original issue.

Closes #2

Support later Django versions

Closes #1

See merge request !3

Update (or, more correctly, create) the changelog in the process.

We now have common Python project CI templates which, while continuing
to support PyPI publication, also allow for parallel matrix testing with
tox.

The GitLab CI configuration in this repo dates from a time before this
feature was in GitLab (as noted in the comments) and so had to work
around it by creating a lot of templated jobs.

Simplify the CI configuration by making use of the common template.

Downgrade required version of ucam-identitylib and be more permissive about required versions

See merge request !2

This is not ideal, but given that we only need the identifiers from identitylib
the downgrade in version and more permission version allows us to use this
library with libraries which are making use of different versions of identitylib
without needing to upgrade identitylib and refactor.

Initial implementation

See merge request !1