Added the CSRF_TRUSTED_ORIGINS setting which contains a list of other
domains that are included during the CSRF Referer header verification
for secure (HTTPS) requests.

Thanks Anssi Kääriäinen for providing the solution.

The corresponding HTML was removed in
738d9af1.

Thanks Marcin Biernat for the initial patch and tests.

Fixed #25058 -- Added GenericRelations with related_query_name to the admin's delete confirmation page.

Thanks Tom Christie for the report and review.

This is preparation for landing the template-based widget rendering
patch and goes a long way to making these tests more useful for future
development. The old doctest heritage is strong here.

Was added in 44164c5c but the
transaction.commit_unless_managed() line was removed in
ba5138b1; thus the test does nothing
but check that clear() runs.

Using select_related() after .values() or .values_list() is not possible
because .values() or .values_list() already got the values they need.

Thanks to Keryn Knight, Curtis Maloney and Tim Graham for their reviews.

Refs #24704.

With this change, it's expected to survive anything except errors
that make it impossible to import the settings. It's too complex
to fallback to a sensible behavior with a broken settings module.

Harcoding things about runserver in ManagementUtility.execute is
atrocious but it's the only way out of the chicken'n'egg problem:
the current implementation of the autoreloader primarily watches
imported Python modules -- and then a few other things that were
bolted on top of this design -- but we want it to kick in even if
the project contains import-time errors and django.setup() fails.

At some point we should throw away this code and replace it by an
off-the-shelf autoreloader that watches the working directory and
re-runs `django-admin runserver` whenever something changes.

This also fixes a test failure on Python 2 when Django is installed in a
non-ASCII path. This problem cannot happen on Python 3.