Service Workers Invalid security token and Clear Site Data HTTP Header (

octobercms#4088)

If a website has a Service Worker installed it would load and register before a User tries to login to the backend causing a "Invalid security token" message. This PR unregisters any installed Service Worker when a User opens the backend Signin webpage.

I have also added the NEW Security Headers to add Protection to October's Cache and Cookies. This includes two new Middleware that first clears any bad cached data before a User tries to login and the second Middleware will clear all the sensitive User Data when a User signs out of the Backend.

For more info on the new Security Header 'Clear Site Data' you can see the spec found here: https://www.w3.org/TR/clear-site-data/

Fixes octobercms#4076, fixes octobercms#3707.

Improve support for dropdowns with placeholders (octobercms#4060)

Fixes octobercms#4053. Credit to @GinoPane

Fix issue where the clear search button would submit a form if the se…

…arch widget is within an HTML form

Add soft delete column to backend users so that migrations that use t…

…he User model work

Replace URL parameters dynamically without needing a list in advance (o…

…ctobercms#3361)

Fixes octobercms#3358. Credit to @jimcottrell

Properly utilize the plainOnly flag in mail.beforeAddContent (october…

…cms#3479)

Credit to @hlev

Peer review 52d1388

This uses a simpler approach and leverages improvements to the validation trait
See octobercms/library@574031d
Refs octobercms#2489

Typo

User disabled plugins now stay disabled after sign in

Fixes octobercms#1795
Fixes octobercms#3691

Finished documenting Lists widget's events:

backend.list.extendQueryBefore
backend.list.extendQuery
backend.list.extendRecords
backend.list.extendColumns
backend.list.overrideHeaderValue
backend.list.injectRowClass

Also improved:
backend.list.overrideColumnValue
backend.list.overrideColumnValueRaw