`subprocess.Popen` doesn't accept enviroment vars with Unicode var name
or value.

This behavior was removed in 67d98441
but is needed to prevent a crash in formtools.

Thanks Tim for the review.

This was reflected by 27 i18n test errors (not failures) on such
platform caused by corrupt intermediate PO catalog files fed to
`msgmerge(1)`.

Made it handle in-memory PO/POT file contents with normalized line
separators (`'\n'`).

We need to perform manually this after using `subprocess.Popen` as we
can't pass it `universal_newlines=True`.

Also fixes #26670 in the process as this commit refactors the same code
section.

Thanks Jasper Maes for the detailed report.

Broke the initial migration in two to work around #25530 and added
'django.contrib.auth' to the available_apps to make sure its tables are also
flushed as Oracle doesn't implement cascade deletion in sql_flush().

Thanks Tim for the report.

Mistakenly pushed to django/django instead of another repo

This reverts commit 6dde884c.

Thanks Tim for the report.

Note that the cookie is not changed every request, just the token retrieved
by the `get_token()` method (used also by the `{% csrf_token %}` tag).

While at it, made token validation strict: Where, before, any length was
accepted and non-ASCII chars were ignored, we now treat anything other than
`[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for
backwards-compatibility, are accepted and replaced by 64-char ones).

Thanks Trac user patrys for reporting, github user adambrenecki
for initial patch, Tim Graham for help, and Curtis Maloney,
Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne
for reviews.

Test suites besides Django's may need the same behavior.

The tests for this change are in the fix for #25774.